A cyber attack can disrupt operations in the physical world — it is no longer confined to the digital world. On November 4th, 2022, Denmark experienced a halt in train services due to a cyberattack. DSB is the largest train operating company in the country and was a victim of a cyber attack which resulted in several trains coming to a standstill. They could not resume their journey for many hours, leaving the passengers stranded, trains halted, and railway authorities distressed.
The incident sounded like the work of a sophisticated cyber attacker that specifically targeted OT systems in an effort to cause major disruptions. However, it was actually the result of a security incident at a Danish company called Supeo that provides enterprise asset management solutions to railway companies, transportation infrastructure operators, and public passenger authorities.
A DSB representative stated that Supeo may have been targeted in a ransomware attack which led to the disruption of all trains. As a result of the hacker attack, Supeo decided to shut down its servers and a piece of software used by train drivers that no longer worked. This is a reminder that attacks on third-parties can have significant and far-reaching impacts on the transportation sector, which relies heavily on interconnected systems and digital technologies.
This is not the first time railway systems worldwide have faced cyber threats. Recent instances occurred in Belarus, Italy, the UK, Israel, and Iran. Modern train systems are vulnerable to hackers, although recent attacks have primarily focused on websites, ticketing systems, and other IT infrastructure rather than directly targeting control systems. However, these incidents show us how an attack on a third-party IT service provider could result in significant disruption in the physical world due to these interconnected systems.
Modern railway systems that rely on a variety of digital equipment have various vulnerabilities due to their interconnected OT and IT systems. The train itself, for instance, makes use of protection systems, passenger information and entertainment systems, traction control systems, automatic train control (ATC) systems, and cab signaling.
For computer-based interlocking (CBI), centralized traffic management, level crossing protection, and switching yard automation, waysides and rail stations depend on smart systems. Ticketing and passenger information systems and traction substations incorporate smart automation technologies.
Due to this convergence of IT and OT systems, hackers can enter OT devices and move to the supervisory control systems and then to your corporate IT systems, causing major operational disruptions. Or, like this incident, attackers can indirectly cause chaos in transportation services even from attacks on third-party devices or networks without directly targeting OT devices.
Source: https://www.securityweek.com/cyberattack-causes-trains-stop-denmark/