Scotland’s rail network ‘wholly unequipped’ for Nightsleeper-style cyber attack

SCOTLAND’S railway network is at risk of a Nightsleeper-style cyber attack that could cost multi-millions, it has emerged

Lynsey Hunter, a boss at Network Rail Scotland, has warned the transport system is “wholly unequipped” for the “very real possibilities” of a hacking blitz by tech-savvy crooks.

The regional asset manager (signalling) issued the red alert at an industry conference as the network prepares to switch from mechanical to digitally-controlled signalling.

She said: “My discipline is moving from mechanical signals into the networking world very quickly, and Network Rail is wholly, in my view, unequipped to deal with that transition.

“There’s some very real possibilities with cybersecurity and we are not ready for that.”

She raised the prospect of a hacking attack akin to the plot line in the BBC drama Nightsleeper in which crooks took control of a rail network.

Fears over a real-world attack come after cyber criminals targeted Transport for London (TfL) in September – costing a reported £30million.

Network Rail chiefs told how the London takedown “absolutely devastated” the running of trains and buses across the city.

In the same month Glasgow Central and Edinburgh Waverley had their wifi landing page hijacked and changed to a fake terror attack alert.

The Scotsman reports Ms Hunter was speaking at the Unlocking Innovation conference when she quizzed Robert Ampomah – Network Rail’s chief technology officer.

She said: “I am really hoping that Robert is going to be able to tell me about the plans he has got to manage cyber security and to put us in a position where we’ve got the knowledge to be able to manage it, because right now, certainly within Scotland, we don’t, as far as I can see.”

Mr Ampomah said the recent attacks show there “is a threat” and efforts were being made to provide a system that is “as secure as can be”.

He added: “We only have to look at incidents like TfL suffered recently.

“That absolutely devastated a lot of our systems they use and they are only just getting back up and running.

“So cyber security is definitely a very big threat.

“Within Network Rail, we have a very – I’ll touch wood as I say it – a relatively secure cybersecurity system.

2

“We do have lots of checks and balances – never say it’s impenetrable, because nothing is.

“As part of that transition to digital, the understanding and regulation around cybersecurity is of paramount importance.”

A Network Rail spokesperson said: “The critical systems that run our railway and keep it safe are very secure, due to their type of functionality, meaning that there is no connection to the outside digital world.

“As we continue to invest, upgrade and utilise more digital systems across our network, cyber security is at the heart of the design, as we learn lessons from railways across the globe.

“The events and storyline in Nightsleeper are purely fictional and bear no relation to real life. Our railway, while aided by computers, is actually controlled manually – by drivers in cabs and signallers in signal boxes.”

We told in September how commuters were subjected to far-right messages after hackers took over wi-fi systems at 19 major railway stations.

Anyone logging in to the public network was directed to an islamophobic page titled “We love you, Europe”.

Glasgow Central and Edinburgh Waverley were among the stations affected.

The incident has echoes of BBC thriller Nightsleeper in which hackers take control of the railway network.