Cylus- Cyber Security Solutions for the Railway Industry
As railways progress to automated and wireless technologies, their most safety-critical assets are exposed to new and dangerous types of cyber threats. Cylus is a cybersecurity startup dedicated to addressing the security challenges of the railway industry, led by senior officers from the IDF’s elite Intelligence Corps, who leverage their combined experience designing cutting-edge cybersecurity solutions. We spoke with Cylus CEO Amir Levintal to learn about the challenges and oportunities in the era of connected railways. Share
What was your background prior to founding Cylus?
I served in the elite technological unit of the IDF for 22 years. My most recent role there was Director of the Cyber R&D Division, where I led a team of cybersecurity experts and software engineers. During my military service, I gained extensive experience leading numerous advanced R&D projects and managing groups of highly talented and motivated teams who developed groundbreaking, mission-critical projects. My cofounder, Miki Shifman, who served in the same elite unit, brings vast hands-on experience leading R&D teams in cybersecurity – on both the system and architectural levels.
In early 2017, we began exploring the rail industry and the new technologies which have been introduced into the industry over the past years such as control systems, remote monitoring, remote maintenance, passenger Wi-Fi and other new digital technologies and services. What we discovered was that railway systems are becoming more and more “connected,” exposing safety-critical assets to malicious cyberattacks. These attacks have the potential to threaten passenger safety, disrupt service, and cause severe economic damage.
For example, ERTMS is a technology which controls trains over a wireless channel. The control center can see all the trains in the network, with the ability to increase trains’ speed or stop them altogether. The center controls the train through GSM-R, a technology which is very similar to the second generation of the mobile network which consumers utilize for their smartphones. In 2010, this was considered a cutting-edge technology. But today, it’s an outdated technology with several known vulnerabilities that can be used by hackers to take control of trains.
Given the increased “connectedness” of railway control systems, and the fact that the rail industry is such a “high-quality” target, it comes as no surprise that there have been several reported cyber-attacks on the rail industry. In 2016, there were four reported cyber-attacks on trains across the UK, and trains in South Korea were also hit. Given the increasing vulnerabilities and dangers, we tried to understand if there were any available solutions for this industry to keep our trains safe. However, we couldn’t find a single company dedicated to keeping passengers and trains protected from malicious cyber-attacks.
The absence of any solution led us to found Cylus at the beginning of 2017. We raised $4.7 million from a number of leading VCs including Vertex and Magma along with leading technology investor and entrepreneur Zohar Zisapel and started to develop our solution.
What are the main features of the Cylus solution?
Our unique cybersecurity solution enables rail companies to detect cyber-attacks in their operational network, including their signaling systems and rolling stocks, and block attackers before they can cause any damage. Our cybersecurity system captures data from the operational network and sends it to a server on premises. We then analyze the data and detect traces of attacks within the data, based on our unique research and understanding of rail-specific technologies. Once we detect an attack, we alert the operator and give them actionable insights on how to mitigate the attack. Our overarching approach is that we look at the network as a whole, not as individual components, inspecting all the layers of the network architecture. We analyze the network by understanding the behavior of the train and the track side components, and once we find abnormal activity, we notify the operator that there’s a problem.
One of the advantages of this non-intrusive approach is the ability to deal with new vulnerabilities as they arise. Since passenger safety is paramount to rail companies, approving new software patches is often a long process which can take them months and even years. This process is vital for safety but makes cybersecurity more challenging. If a malicious player finds a vulnerability and publishes it on the internet, the component manufacturer would need several months to approve a new patch. However, we at Cylus update our signatures in real time, detecting attackers who try to leverage vulnerabilities with no delay.
Do you monitor ticketing data as well?
We verify that no one is tampering with the entire operational network, including the trains themselves, the tracksides, and all other components which allow rail companies to improve service and maintain passenger safety. The ticketing system, while crucial, doesn’t bear on the safety of the railway system and availability of service.
Our clients are the rail companies themselves. We service two types of customers in specific: First, infrastructure managers who are responsible for the tracks and other components that control the trains; second, the companies that operate the trains. Since both companies are responsible for safety, they both invest heavily in this field. Today, all train executives realize that cybersecurity is one of the important pillars of safety in the railway industry. With hundreds of millions of train and metro passengers every day throughout the world, the need for more robust network security has never been more critical.
How do you see the future of the connected rail industry?
In the future, all modes of transportation will be connected. For example, commuters may have one route that includes autonomous cars as well as trains and airplanes. There will be synchronization between all modes of transportation both within country limits and between countries as well.
In Europe, trains are already fully connected with complex cross-country networks. In the future, we will see even more connectivity. There will be an increasing level of technologies that improve passenger experience. It may have begun with WiFi, but in the near future, there will be even more services available to commuters because the rail industry is a competitive landscape. Just as the automotive and airline industries have improved their passenger experience, the railway industry will also provide passengers with similar technologies to the ones we see in cars and planes. Services available to customers will be even better than today, and this includes the efficiency of the trains themselves. Trains will be more frequent because most will be controlled by computers, and computers will be able to decrease distance between trains. Trains will be safer, more comfortable and enjoyable, and more efficient, thanks to computers and connectivity.
With these new technologies being integrated into the rail network, we need to be prepared for the future. As we have mentioned, with connectivity comes vulnerability, and more and more trains will become targets for hackers. Over the coming years, rail companies will need to improve the safety of their networks, and we at Cylus are excited to be an integral part of this process – helping protect our trains, and their riders.