Railway: Protecting Control Systems

Background

A rail operator operating in the United States transports food and agricultural commodities, as well as stone products, moving around 38,000 carloads of goods in 2022.

With operations dating back to the 1860’s, the retail operator owns and leases approximately 125 freight railroads worldwide organized in locally managed operating regions in the United States, employing over 7,500 employees and serving 4,000 enterprise customers.

The challenge

The rail operator was looking for ways to strengthen their cybersecurity posture, improve network visibility, automate the detection and protection of threats, and lower operating costs—all whilst improving competitiveness and avoiding cyber governance issues.

They were interested in ensuring compliance and security operations risk management to move away from “run-of-the-mill” protection. The company’s top-level management was adamant about engaging with a vendor that provided a coordinated top-down approach to threat detection and protection to reach all corners of their Edge and IoT infrastructures.

The company’s gradual shift towards digital practices led to a mounting number of security gaps in its infrastructure such as unidentified IoT devices, unprotected control systems, and a growing number of entry points left unattended. The sheer size of their railway system meant it was extremely complex and expensive to physically protect every possible entry point—either because of the vast number of entry points or the huge workforce needed to maintain each entry point.

The Solution

After running a comprehensive Proof Of Concept (POC) with AI EdgeLabs, the company’s networks were carefully evaluated by our team, which found these main challenges:

• Lack of a simplified, ongoing monitoring of control systems for security teams and managers to see what's going on in their Edge and IoT layers.
• Lack of visibility to determine what type of devices are connecting to their network and how they behave.
• Lack of actionable insights to deal with traffic problems in real time.
• Skills gap in the IT staff's ability to manage security risks.
• Lack of a granular outlook of managed and unmanaged devices.

Our team identified troubling vulnerabilities that provided ample room for hackers to access locomotive control systems directly from their in-transit entertainment systems in passenger cabins. Given the depth and granular nature of the insights delivered by AI EdgeLabs, the rail operator had no hesitation in choosing AI EdgeLabs as its primary cybersecurity solution provider.

AI EdgeLabs: Advanced network visibility

AI EdgeLabs protects the client’s critical control systems by mitigating the security gaps created by their growing interconnectedness. EdgeLabs’ provides robust network visibility and anomaly detection at scale with real-time monitoring of assets and a low noise-to-signal ratio that prevents lateral movement attacks.

“From day one, AI EdgeLabs has maximized the way we approach cybersecurity and leaving no stone unturned,” shared the railway operator’s Chief of Information Security Officer. “After careful evaluation of several other vendors, we found that the accuracy and easy-to-use dashboard from AI EdgeLabs were unparalleled, giving us the piece of mind we needed for our expanding railway operations.”

The predictive, deep-learning approach to IoT and Edge cybersecurity defends the client against internal, external, and unknown cyber threats with threat analytics and monitoring based on behavior-based forensics and rich traffic inspection. Additionally, AI EdgeLabs gives the client threat-level outlooks and severity-based prioritization to respond to incidents in real-time. Thanks to the implementation of AI EdgeLabs, our client was able to reduce cybersecurity costs by at least 15% after implementing our solution.

Benefits of AI EdgeLabs for Railway

With AI EdgeLabs' network and device security automation, we:

• Automatically monitor and deploy incident response and remediation protocols.
• Analyze and monitor IoT devices and report data.
• Block all suspicious devices.
• Use smart firewalling to kill compromised device connections
• Improve network threat and malware detection.
• Address rising control systems challenges.
• Prevent control systems and device attacks.
• Enable real-time threat alerts to network and security personnel.
• Ensure scalable distributed defense infrastructure.