Computers; what if the railway was attacked?

[Howardh]

If the railways became subject to cyber-attack, what would be the immediate and long-term effects? Ticketing (online and in stations) would obviously be down, but what about signalling and communication? Would trains have to be halted? Would some lines still run and others shut down? Is there a back-up system?
Would red lights used to stop trains still work (ie be switched on/off) and if not, how would you get a train to stop?
Sorry if it all sounds a bit uneducated!
**One worry is aircraft...I understand they can be flown independently but if ATC controls are down in a large country and they have to land...eeekhock:

 

[D Foster]

Simple answer to part of your question(s) - if/when a signal is out (or showing anything less than a 100% correct aspect) it counts as a Red/Stop signal at which a train must stop and wait until instruction is obtained. (It used to be that some signals that caused a stop but there was then no communication facility - for whatever reason - could be passed at Red - with the movement then continuing at caution.

 

[squizzler]

The safety critical systems - whether for aircraft, trains, or even the humble motorcar - should NEVER be online: to do so is asking for trouble.

I suspect it is mainly the admin that can be affected, and such things a baggage handling in the case of airports. With regard to the recent so-called "ransomeware" wheeze that affected the NHS, that was made possible by use of outdated operating systems. I suspect the rail office systems are likely to be more modern than those of the NHS because it is a rapidly growing industry which requires everything to be upgraded and replaced before well before obsolescence - and new operators seem to bring their own systems in with the change of franchises. This also means there is more diversity between different operators - making it more difficult to take everything down in one go.

 

[The Planner]

NR use Windows 7 and all the Lenovo laptops we have don't even have HDMI ports from what I have seen. We have been stopped from using USB or external drives unless provided with properly encrypted ones.

 

[Howardh]

ATC computers have been down (but not attacked) http://www.bbc.co.uk/news/uk-30454240 - link to report from 2014. One presumes rail computers could likewise go down regardless of attack? I'm happy to read that if a signal's down a train will stop; but on another thread I suggested the OS manufacturers should support their OS for a minimum of 25 years. Since 2000 we've had Millenium, XP, Vista, 7, 8, 8.1 and 10, 7 changes in 17 years. 7 is about to be unsupported - the short lifespan is IMO ridiculous. It might be quick and easy to "upgrade" from one OS to another - 10 mins? - but when there are thousands requiring this upgrade that's a lot of man-hours (and they need to be paid for) and I'm not surprised the NHS isn't up-to-date.

 

[Llanigraham]

NR use Windows 7 and all the Lenovo laptops we have don't even have HDMI ports from what I have seen. We have been stopped from using USB or external drives unless provided with properly encrypted ones.

When did they up-date to 7? The computer in the Box when I left was still running XP!!

 

[alxndr]

When did they up-date to 7? The computer in the Box when I left was still running XP!!

Only very recently, I think within the last year. There are still no doubt a few old XP machines floating around some places.

 

[The Planner]

It must be 18 months or more now.

 

[najaB]

Since 2000 we've had Millenium, XP, Vista, 7, 8, 8.1 and 10, 7 changes in 17 years. 7 is about to be unsupported - the short lifespan is IMO ridiculous. It might be quick and easy to "upgrade" from one OS to another - 10 mins? - but when there are thousands requiring this upgrade that's a lot of man-hours (and they need to be paid for) and I'm not surprised the NHS isn't up-to-date.

Corporate IT departments typically have a c. five year upgrade cycle so they likely would only have used 2000, XP and 7 in that 17 years. Certainly that was the case at my previous employer, who are one of the largest companies in the UK.

 

[4973]

ATC computers have been down (but not attacked) http://www.bbc.co.uk/news/uk-30454240 - link to report from 2014.

The national Air Traffic computers are IBM mainframes and (very wisely) do not run MS Windows, hence would not be vulnerable to this particular attack. However any computer can go down in hardware fail situations and NATC has a carefully designed redundancy configuration to prevent on box failing from bringing the whole setup crashing down. Multiple failures can still achieve that since such things cost and the cost must be justified to upper management.

Since Microsoft's licence (if you bother to read it) states clearly that it is not valid for use in safety-critical situations I really am astonished and disgusted to see it used to used so often in critical infrastructure situations. It would seem to be an unorganised conspiracy among those responsible for the setup to stick to something that is guaranteed to require a higher level of support so they have more jobs.

 

[mrcheek]

In the old days, when the TOPS system failed, they used BOTTOMS instead!

Back Over To The Old Manual System!!

But seriously, yeah, if computer systems fail, or get hacked, nobody's going anywhere. Whole system could grind to a halt

This is why the scariest movie I have ever seen is Die Hard 4, because stuff like that could actually happen, and anything and everything could get shut down.

 

[87 027]

Last year the National Cyber Security Centre hosted a public debate on twitter. One of the questions was along the lines of whether nuclear weapons are now unnecessary given that cyber attacks can do so much damage around the world.

 

[squizzler]

<Snip>on another thread I suggested the OS manufacturers should support their OS for a minimum of 25 years. Since 2000 we've had Millenium, XP, Vista, 7, 8, 8.1 and 10, 7 changes in 17 years. 7 is about to be unsupported - the short lifespan is IMO ridiculous. It might be quick and easy to "upgrade" from one OS to another - 10 mins? - but when there are thousands requiring this upgrade that's a lot of man-hours (and they need to be paid for) and I'm not surprised the NHS isn't up-to-date.

At the risk of being off topic, I reckon the solution is to remove "OS manufacturers" from the equation altogether. Network Rail, and essential public services such as police, NHS should be required to use an open source platform like BSD or Linux for all mission critical computing. Free software is considered safer because bugs are more likely to be spotted and patched. It would save a fortune in software licencing fees too.

Maybe the recent NHS system failure will have a silver lining if one of the opposition parties make public sector switch to free software an election manifesto pledge?

 

[blackfive460]

The recent malware/ransomware attacks affected Deutsche Bahn.
See [url]http://www.telegraph.co.uk/news/2017/05/13/cyber-attack-hits-german-train-stations-hackers-target-deutsche/[/URL]

 

[ainsworth74]

7 is about to be unsupported - the short lifespan is IMO ridiculous.

It's supported until January 2020 so it's hardly 'about to be unsupported' and when it does go out of support it'll have had a lifespan of just over ten years which, for software, is not half bad! The problem isn't Microsoft not supporting it's software for long enough it's organisations not planning ahead. It's not as if Microsoft spring these things on people. Right now they're telling you when Windows 10 will go out of support which won't be until October 2025. Plenty of time to plan ahead!

 

[Jordeh]

I struggle to believe all the computer systems the railways use are connected to each other, so I think it is unlikely everything could go down. For instance I can't see why signalling systems and ticketing systems would rely on each other, presumably they're largely independent?

Happy to be corrected though.

 

[Olaf]

I would suggest that UK rail industry has been subject many attacks (perhaps hundreds per annum) over they last seven years at least. There is also a good chance of specific systems having already been compromised but that the expose has not been detected as of yet.

 

[syorksdeano]

I would suggest that UK rail industry has been subject many attacks (perhaps hundreds per annum) over they last seven years at least. There is also a good chance of specific systems having already been compromised but that the expose has not been detected as of yet.

I've had quite a few times where I have been unable to collect tickets because the system was down across the entire country. A majority of the time I have just been told to collect my tickets at the other end, which of course if the ticket office at your starting station can't get access I can't see how the other office will have.

I suppose if the system was hacked then reservations on "ross Country wouldn't work, but then again no one would notice as it's a regular thing.

What would happen with the nuclear trains if the system was hacked and everything brought to a stop, if those trains had already started their journeys?

 

[najaB]

The recent malware/ransomware attacks affected Deutsche Bahn.
See [url]http://www.telegraph.co.uk/news/2017/05/13/cyber-attack-hits-german-train-stations-hackers-target-deutsche/[/URL]

A quote for anyone unable to access the site:

Germany's rail network was thrown into chaos on Friday night when it fell victim to the cyber attack roiling the world.

Hours after NHS hospitals were left crippled by the attack, Deutsche Bahn became the hackers' latest high profile victim.

Using tools widely believed to have been developed by the US National Security Agency, the cyber criminals tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware, called WannaCry, encrypted data on the computers, demanding payments of $300 to $600 to restore access.

Deutsche Bahn computers appeared to be infected with the virus, with the "ransomware" message demanding money appearing on screens at train stations.

Pictures posted on social media by commuters showed train information monitors displaying the ransom demand to unlock the computers.

 

[Howardh]

It's supported until January 2020 so it's hardly 'about to be unsupported' and when it does go out of support it'll have had a lifespan of just over ten years which, for software, is not half bad! The problem isn't Microsoft not supporting it's software for long enough it's organisations not planning ahead. It's not as if Microsoft spring these things on people. Right now they're telling you when Windows 10 will go out of support which won't be until October 2025. Plenty of time to plan ahead!

2.5 years is a short time; ridiculously short. Just because the latest software is overtaken by the next latest software shouldn't mean you abandon the first, and be forced/blackmailed into upgrading (at time and possibly expense) especially (as in XP) there are still vast amounts of users. If a train lasts 30-odd years, so should Windows 2000!!!

Wat also annoys me about *upgrading* is that software designed for one OS may not work in the next, so there's the added cost and hassle of upgrading your software.

For example - stuff I've bought in the past - Ulead Photo Express, works in XP but not on 7. Magix Audio Cleaning lab, works in XP, but only partially on 7. Granite 2 works in XP but won't load in 7. (So no chance with 10 even though I've tried and done all the compatability stuff)

Why should a customer have to go out and replace loads of software just to keep up with having a supported OS? It's blackmail!!

But that's getting off-topic; at this point I just want to know, as a passenger, am I safe, and the resounding answer seems to be yes

 

[Howardh]

A quote for anyone unable to access the site:

Thanks for that, but the reports doesn't say whether the trains kept running (even with delays). Can anyone fill in?

 

[87 027]

Apple stopped supporting my 2005 iMac (running on PowerPC) after just 4 years and I'm stuck on OS 10.5 Leopard. Seems unfair that MS are getting all the criticism. And look at how long it took to find the Shellshock vulnerability in Unix/Linux - it had existed since 1989

 

[najaB]

2.5 years is a short time; ridiculously short. Just because the latest software is overtaken by the next latest software shouldn't mean you abandon the first, and be forced/blackmailed into upgrading (at time and possibly expense) especially (as in XP) there are still vast amounts of users.

Well under 10% of the Windows installations based on multiple sources. See here for running stats: http://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide

 

[Jordeh]

What would happen with the nuclear trains if the system was hacked and everything brought to a stop, if those trains had already started their journeys?

As interesting topic as that is, those sort of contingency plans will never be in the public domain for fairly obviously reasons.

 

[ainsworth74]

2.5 years is a short time; ridiculously short.

But the end of support date has been known about for far longer than the remaining two and a half years! It isn't like Windows 7 was introduced yesterday or Microsoft decided to announce that support will end a week ago. By the time support ends for Windows 7 it'll be over ten years old. Again, Microsoft don't spring these things on people. Any one using Windows 10 knows right now, today, that it will go out of support in 2025. If we get to 2024 and people haven't planned an upgrade how on earth is that Microsoft's fault?!

 

[najaB]

For example - stuff I've bought in the past - Ulead Photo Express, works in XP but not on 7. Magix Audio Cleaning lab, works in XP, but only partially on 7. Granite 2 works in XP but won't load in 7. (So no chance with 10 even though I've tried and done all the compatability stuff).

If it's that important, then just continue to run Windows XP, it's really not that hard. Right now I've got Windows 95, 2000, XP along with OS/2 Warp all installed.

 

[ainsworth74]

Well under 10% of the Windows installations based on multiple sources. See here for running stats: http://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide

I love that XP is still beating Vista

 

[Jordeh]

2.5 years is a short time; ridiculously short. Just because the latest software is overtaken by the next latest software shouldn't mean you abandon the first, and be forced/blackmailed into upgrading (at time and possibly expense) especially (as in XP) there are still vast amounts of users. If a train lasts 30-odd years, so should Windows 2000!!!

Wat also annoys me about *upgrading* is that software designed for one OS may not work in the next, so there's the added cost and hassle of upgrading your software.

For example - stuff I've bought in the past - Ulead Photo Express, works in XP but not on 7. Magix Audio Cleaning lab, works in XP, but only partially on 7. Granite 2 works in XP but won't load in 7. (So no chance with 10 even though I've tried and done all the compatability stuff)

Why should a customer have to go out and replace loads of software just to keep up with having a supported OS? It's blackmail!!

But that's getting off-topic; at this point I just want to know, as a passenger, am I safe, and the resounding answer seems to be yes

I don't think that's a fair analogy. Often train manufacturers (or parts manufacturers etc) receive income for the maintenance of a train over its lifetime so there's every incentive for them to do so.

Microsoft shouldn't be expected to maintain their software indefinity at great cost to them. The reality is virtually no software is released nowadays for Windows XP. A lot of websites will struggle with Windows XP web browsers too, should they also be expected to cater for its small user group too? It's time to move on.

Finally, Microsoft have released an update to Windows XP this morning in relation to the ransomware.

 

[Howardh]

If it's that important, then just continue to run Windows XP, it's really not that hard. Right now I've got Windows 95, 2000, XP along with OS/2 Warp all installed.

It is if your drive fails and you need a replacement. You can't set up virtual mode on computers running 7 home, or 7 pro if your ram is under 4gb. My main PC supports XP mode and I do use that, my upstairs PC doesn't. Even second hand computers with XP are difficult to find...although happily not impossible! If one doesn't like 10 my local second-hand shop had a load of windows 7 PC's and laptops available.....but had upgraded the lot to 10 when it was free! :cry:

I like 7, hate 10, it is possible to run 10 in 7 mode, but quite a task to do so.

https://mygaming.co.za/news/pc/116211-this-is-how-many-people-are-still-using-windows-xp.html

OS Market Share
Windows 7 48.41%
Windows 10 25.19%
Windows XP 8.45%
Windows 8.1 6.87%
Mac OS X 10.12 2.91%
Linux 2.05%
Windows 8 1.65%
Mac OS X 10.11 1.55%
Mac OS X 10.10 1.00%
Windows Vista 0.78%

Just under half of OS's are Windows 7, which is due to be obsolete in 2.5 years.

 

[Howardh]

I love that XP is still beating Vista

Never used it, but read that it was appalling!! Anyone here have experience?