Railway Braking Systems Vulnerable to Easy Tampering

Today, we’re diving into the critical and often overlooked world of operational technology security with Rupert Marais, our in-house security specialist. With deep expertise in endpoint and device security, cybersecurity strategies, and network management, Rupert has dedicated years to uncovering vulnerabilities in systems that underpin our daily lives, particularly in critical infrastructure like railway networks. In this interview, we explore the alarming risks tied to outdated train safety systems, the ease of exploiting these technologies, and the broader implications for global infrastructure security. Join us as we unpack the challenges of securing legacy systems in an era of modern cyber threats.

Can you start by explaining what legacy train safety systems like Spain’s ASFA are, and why they’re still in use despite their age?

Absolutely. Systems like ASFA, which stands for Anuncio de Señales y Frenado Automático, are automatic train protection mechanisms developed decades ago—in this case, back in the 1960s. They were designed to enhance safety by automatically enforcing speed limits and stopping trains in emergencies, reducing reliance on human conductors. ASFA, for instance, uses trackside beacons called balises to communicate signals to passing trains through inductive coupling. The reason they’re still in use often comes down to cost and complexity. Upgrading an entire railway network’s safety system is a massive undertaking—financially, logistically, and politically. These systems still function for their original purpose, so the urgency to replace them often gets pushed aside until a major incident or public pressure forces action.

What makes these older systems so vulnerable from a cybersecurity perspective?

The core issue is that when systems like ASFA were designed, cybersecurity wasn’t even on the radar. Back in the ’60s, the threat landscape was entirely different—nobody was thinking about hackers manipulating train signals. These systems are purely analog, with no built-in encryption, authentication, or other security measures we take for granted today. That means anyone with a basic understanding of how the system works can potentially interfere with signals. For example, the balises on tracks aren’t secured against tampering, and the communication between the train and these beacons can be mimicked or altered with relatively simple equipment. It’s a classic case of technology outliving its secure lifespan.

How did researchers manage to replicate a system like ASFA to test its weaknesses, and what challenges did they face?

From what I’ve seen in similar studies, replicating a system like ASFA often involves piecing together publicly available documentation and reverse-engineering the technology. Researchers might use basic hardware—think copper wire, capacitors, and cheap signal generators—to mimic the inductive handshake between a train and a balise. The challenge lies in the lack of official support or access to proprietary equipment. You’re essentially working blind, relying on trial and error to figure out frequencies and signal patterns. It’s painstaking, but surprisingly doable with minimal resources, which itself highlights how accessible these systems are to potential bad actors.

What kind of vulnerabilities were uncovered when testing these legacy systems, and how serious could the impact be?

The findings are pretty alarming. Researchers have shown they can spoof signals using makeshift devices to send false commands to a train—like telling it to stop abruptly or ignore speed restrictions. In a real-world scenario, this could lead to derailments, collisions, or other catastrophic events. The impact isn’t just theoretical; manipulating a train’s behavior at the wrong moment could endanger hundreds of lives in a single incident. What’s worse is that these attacks don’t require sophisticated tools or deep expertise—just some basic know-how and determination.

You’ve mentioned tampering with physical components like balises on train tracks. Can you explain how feasible that is for a potential attacker?

Unfortunately, it’s far too easy in many cases. Balises are often placed along tracks with minimal physical protection—sometimes just a plastic tube shielding the wiring. An attacker could access these with basic tools, alter the wiring, or even attach a device to manipulate the signal frequency using something as simple as a portable power bank. In many regions, there’s little to no active monitoring of these components, so tampering could go unnoticed until it’s too late. It’s a low-tech attack vector with high-stakes consequences.

How do the vulnerabilities in Spain’s ASFA system compare to other legacy railway systems globally?

Interestingly, among older systems, ASFA is often considered relatively robust due to its simplicity and reliability for basic safety functions. When you look at similar legacy setups in places like Germany, the UK, or even parts of the US, many share the same core weakness: a complete lack of security by design. However, some of these other systems might be even more vulnerable due to patchwork upgrades or inconsistent maintenance over decades. Spain’s system benefits from a certain uniformity, but that doesn’t make it secure—just slightly less prone to certain failures compared to others. There are definitely countries with older, more fragmented systems that are sitting ducks for targeted attacks.

What about newer systems like the European Rail Traffic Management System? Do they offer better protection against these kinds of threats?

Modern systems like ERTMS and its signaling component, ETCS, do incorporate more advanced technology, including digital communication and continuous monitoring, which is a step up from analog systems like ASFA. They can transmit more complex data about track conditions and train behavior, which is great for safety. However, with digitalization comes a new set of risks—think jamming, spoofing, relay attacks, or even data theft. While they’re inherently more secure than legacy systems, they’re not immune to exploitation, especially if attackers find ways to force a fallback to older, vulnerable protocols. The added complexity can sometimes create new attack surfaces that didn’t exist in simpler analog setups.

What is your forecast for the future of railway cybersecurity, especially for critical infrastructure like this?

I think we’re at a tipping point. The wake-up calls are getting louder—research like this is exposing just how fragile our critical infrastructure can be. My forecast is that over the next decade, we’ll see a push toward hybrid systems that blend the reliability of older tech with modern security measures, but it won’t happen overnight. Budget constraints and political inertia will slow things down, and unfortunately, it might take a high-profile incident to spur real change. On the positive side, I expect more collaboration between governments, industry, and cybersecurity experts to develop standards and retrofit solutions. The challenge will be balancing cost with urgency while staying ahead of increasingly creative threat actors. We’ve got a long road ahead, but awareness is the first step.
