In the past it was leaves on the track or too much rain or snow that was blamed for delayed services on the trains. In the last few years, a whole new problem has emerged – cyberattacks.

As Iran recently learned the hard way, when a cyberattack blamed on an Iranian opposition group stopped all passenger and freight trains in the country, a technological assault can be far more devastating than bad weather or a late driver.

Iran isn’t the only country at risk. In the UK in July, a ransomware attack targeted the self-ticketing terminals at Northern Railway. Other malware, ransomware, DDoS attacks and data breach attacks have happened in the US, South Korea, South Africa, and across Europe over the last seven years, costing hundreds of millions of dollars and putting the lives of many at risk.

No-one can afford to ignore the dangers any more. And that’s where Israeli rail cybersecurity startup, Cylus, comes in.

“Unlike cars, which will only become autonomous in a few years, trains are already autonomous today. It’s a process that began some 15 years ago,” explains Amir Levintal, the cofounder and CEO of Cylus, which is working with rail companies all over the world.

Cylus co-founder and CEO Amir Levintal. Photo by Omer Hacohen

Levintal started Cylus after completing prolonged military service in an elite technological unit of the Intelligence Corps. Upon his discharge, he and fellow cofounder Miki Shifman looked to apply their professional know-how to industries still lacking in cybersecurity and landed upon one of the most veteran industries of the modern world: trains.

“When we looked at this industry, we understood that it underwent a real revolution in terms of digitalization, but that there’s no player in the world that’s protecting these systems,” Levintal tells ISRAEL21c.

“We decided that with our background, which is very suitable for the defense of complex systems, we’d be suitable for this industry.”

Communication systems in motion

Cylus protects and continuously monitors the operational network of the rail system to detect any malicious activities that might harm or impact the safety, continuity and service availability of trains, Levintal explains.

“We connect in a safe way and monitor all the traffic and operational communication between the different systems. Using machine-learning and AI, we’re able to identify anomalies within these networks that represent the attacker who’s inside the network. This way we manage to identify the attacker in real-time.”

He says Cylus developed unique technologies and algorithms that combine an understanding of cyber and an understanding of the rail business.

The Cylus team works on unique technologies that combine both cyber security and rail business logic. Photo by Omer Hacohen

“Trains are data centers that are always on the go,” Levintal says.

“They’re communication systems in motion – they move from station to station and each time need to connect anew to another station. That’s why the technology is very complex and different from any other industry. You need to understand not only the technology but also how trains work.”

Serving rail companies worldwide

Since last being featured in ISRAEL21c in 2018, Tel Aviv-based Cylus has grown into a 50-person company and completed two funding rounds, including one in 2020 involving Alstom, a leading French rail manufacturer.

Cylus serves clients across the United States, Europe, the Asia-Pacific region and, of course, Israel.

According to Levintal, the last few years have seen a sharp rise in rail cyberattacks worldwide.

“In terms of numbers, there were dozens of attacks in 2020, and probably even more in 2021,” he notes.

“There have been attacks on rail service, on ticketing networks, ransomware – really all kinds of attacks. We see that the attacks are becoming more intrusive, that they’re harming operational areas relating to safety.”

Among other things, a hacker could even take control of a train, its speed and direction.

Maximizing security

A rendering of the Cylus dashboard that enables the continuous monitoring of the rail system’s operational network. Image courtesy of Cylus

Levintal notes that rail systems were designed to maximize safety, not security. They weren’t pre-planned to deal with cyberattacks.

“Because the lifetime of a train is 30 years, even if the rail systems were updated to deal with cyber and were changed along the years, the attacker’s abilities also change, and then a gap grows between the attacker’s abilities and the systems themselves. The cyber attacker gets more and more resources, but the systems stay static.”

Continuous monitoring is needed to recognize a cyber intruder and sound the alarm, he adds.

“There’s an awareness of this need, and that’s why we’re experiencing a very sharp rise in our business activities and our work with customers.”

Cylus, he says, plans to continue expanding its activities geographically as well as in terms of the types of rail companies that it works with, such as urban, mainline, interstate, passenger and freight.

“I’m afraid that there can be events that in one day can broadly hit whole countries, like what we saw in Iran,” he says. “If the rail companies don’t protect themselves ahead of time, it could cause a real transportation problem for people and goods.”
