What’s Stimulating Greater Cybersecurity Spending in the Railway Sector?

A smooth-sailing railroad industry is integral to a prosperous economy—responsible for transporting goods and people. If, for example, America’s freight railroads were to shut down for one day, the economic loss would be, at the minimum, US$2 billion. Given these factors, a cyberattack and subsequent train shutdown on a railway operator’s network could be devastating. To meet these increasingly common threats, transportation cybersecurity vendors are key.

But what specific factors are leading to greater awareness of and spending on cybersecurity in the railway sector?

In this post, I’ll walk you through the following growth drivers:

  • Cybersecurity regulation often involves new solutions being deployed at the rail network level.
  • Prominent railway attacks make operators wary of security vulnerabilities.
  • Digitalization in the railway industry further exposes the network.  

Cybersecurity Regulation

Regulation is a major catalyst for more lavish cybersecurity spending for railway systems. As mentioned in our 2023 trends whitepaper, the U.S. Transportation Security Administration (TSA) has asked train operators to designate an around the clock cybersecurity coordinator.

Malware strikes, phishing attacks, and ransomware attacks are the most common types of cybercrimes committed on railway systems. However, the industry should still take wide-scale remote control of Industrial Control Systems (ICSs). While very difficult to pull off, the threat of an ICS takeover should be taken very seriously.

In response to these growing security threats, governments want to ensure critical infrastructure, such as freight transportation, is safe from bad actors by introducing robust cybersecurity initiatives. A critical aspect of adhering to such regulation involves deploying hardware and software cybersecurity applications, such as monitoring passenger Wi-Fi access, Data Capture Units (DCUs), and Deep Packet Inspection (DPI) to ensure the monitoring of dataflows within rail networks.

After speaking with several cybersecurity vendors, ABI Research has learned that stakeholders find it crucial to factor in emerging and existing regulations, such as the U.S. Transportation Security Administration (TSA) Security Directive 1580-21-01A or the proposed Cyber Resilience Act and the Network Information Security (NIS2 Directive in Europe, when developing their solutions. Indeed, these cybersecurity solution providers generally believe the regulatory environment is good for business.

To conform with regulations, cybersecurity vendors should:

  • Consistently assess the rail security regulatory space
  • Acquire certifications
  • Seek ways to bridge the gap between Information Technology (IT) and Operational Technology (OT)
  • Develop reliable access control measures
  • Provide continuous intrusion and anomaly detection services

Prominent Attacks on Railway Operators

A recent cyberattack led to the abrupt halting of a train in Denmark caused by an infiltration of drivers’ IT-connected tablets. This is just one of the many examples of railway systems being a prime target for malicious actors—state-sponsored and criminal organizations alike.

Alarms have also been raised by the U.S. Government Accountability Office (GAO). In a recent report, the agency warned industrial operators about “catastrophic-scale” damage if their OT cybersecurity measures are not up to the task.

This all means that industrial players, railway operators included, will feel growing pressure to adopt cybersecurity solutions to safeguard their systems. Failing to do so means the railway operator risks train disruptions and enormous economic losses.

Through interviews with various transportation cybersecurity vendors, ABI Research has been informed that headline-making attacks on IT and OT systems generate more sales. Further, when cybercriminals take control of a physical asset, that’s even more influential in driving new customers.

Accelerated Digitalization

Another big reason why spending on cybersecurity will continue to grow in the railway industry is because of ramped-up digital transformation efforts due to a constrained workforce. In 2019, 48% of rail workers were eligible for retirement, and the average age of a worker in rail transportation in 2022 was 45. For an industry that’s only growing at a rate of 4% annually, staff shortages are inevitable.

Railway operators are turning to digitalization technologies that automate train operations to compensate for this increasingly tight workforce. As the railway supply chain further digitalizes, that creates more network entry points, which is only good news for cybercriminals.

With more connections, such as the Internet of Things (IoT), there will naturally be more security vulnerabilities to account for. As shown in the chart below, ABI Research forecasts that the number of IoT connections in the rail sector will more than double from 9 million in 2022 to 20 million by 2026.


Get More Free Charts

As the digital rail ecosystem widens, so will spending to specify and defend rail perimeters, assets, and train-to-track communications within the railway system. With increased reliance on high data rate wireless connectivity and integrated software systems, cybersecurity vendors will be seen as must-have partners.

Last Remarks

The railway industry is well aware of the growing threat from malicious actors around the world that wish to generate money or inflict state-on-state damage to critical infrastructure. As train operators embrace cybersecurity solutions for attack prevention, vendors need to be prepared to provide security solutions that address railway companies’ biggest pain points. To learn about these nuances, read the related Research Highlight How Can Cybersecurity Vendors Meet the Multitude of Needs of the Railway Sector?

Related Blog Posts

Related Services