FEATURE: Railway Technology – Will 5G create new cyber threats to global railways?

Huawei and China Mobile recently launched 5G at Shanghai’s Hongqiao Railway Station, which will allow passengers to download a 2GB high-definition film in less than 20 seconds. However, the move has raised concerns about how this new network may play into the growing trend of rail and metro cyber-attacks.

Fifth generation mobile telecoms technology, known as 5G, is expected to be a step-change in mobile networking for both consumers and industry, offering users faster download speeds, lower latency and data sharing in real time.

One of the first groups to access the benefits of 5G are commuters at Shanghai’s Hongqiao Railway Stationin China. In February, local telecoms provider China Mobile and electronics manufacturer Huawei launched an indoor 5G digital system at the station that will be fully active by the end of 2019.

Hongqiao station is one Asia’s biggest traffic hubs with over 60 million passengers passing through it every year – that’s around 330,000 users a day. Once fully operational, the new system will see travellers benefit from faster speeds and reduced mobile network congestion; 5G can support around one million devices per square kilometre compared to only around 4,000 for 4G and is also ten times faster.

The launch of 5G at Hongqiao is just the start. It’s widely expected fifth generation mobile networking will in the near future be a catalyst for full digitisation of the rail network, with many countries, including the UK, exploring potential use cases.  However, after the 2017 WannaCry attack, which saw hackers incapacitate Germany’s rail network, what cyber security considerations does the updated network pose?

The risks of digitalisation

While it’s a necessity to modernise the rail sector’s typically ageing infrastructure with the latest digital technologies to remain efficient and competitive, the industry must be acutely aware of the potential risks digitisation brings.

Today, rail operators tend to use separate systems to manage daily operations. These include a Global System for Mobile Communications-Railway (GSM-R) network – a very narrow-band technology used only for sending messages and replies – and the European Rail Traffic Management System (ERTMS), or an equivalent, to control the trains, as well as another system for passengers.

However, increasingly, rail operators are looking at ways to converge all three network services on the same infrastructure and are exploring the potential of 5G, says Amir Levintal, CEO and co-founder Cylus, a cyber security firm specialising in the rail industry.

“When the 5G network is deployed, passengers will use it but also rail companies [will use it] for operations and for other systems that are not very easy to connect to the internet, including safety critical communication, unmanned trains and CCTV,” says Levintal.

He warns, however, that when converging services under one network, even in different siloes, there is the potential for cyber attackers to hack one as a gateway to the others.

“While 5G can easily be created with security in mind, we know from different technologies over the years that hackers will always find the weakest link to penetrate, for example, through passenger internet to gain access to the safety critical networks – that presents a real threat to the train system,” he says.

Furthermore, over time, more and more services will be integrated into the 5G network, creating even more potential attack vectors.