Going digital poses a challenge for critical infrastructure operators

LONDON – The biggest challenge facing critical infrastructure is a push to go digital despite controls being dated, according to a panel speaking at this week's InfoSecurity Europe.

For example, the control systems used by Network Rail, which owns and operates Britain's rail infrastructure, is made up of an electro-mechanical infrastructure. However, Peter Gibbons, head of information security at Network Rail, said the company is in the process of making it more computerized.

Gibbons said his team has to apply new sets of practices to accompany the updated control setup.

"The bigger challenge comes with the bits [of technology] that are already there," Gibbons said during a panel discussion on Wednesday. "Interlocking technology is hardware based, but it's not computerized and not programmable. When you start computerizing that, it becomes a real challenge."

Mark Jones, CISO at British Airports Authority (BAA), which runs the Heathrow Express, an airport rail that offers transportation from Heathrow Airport to central London, said his company is experiencing a cultural impediment.

As Heathrow Express is updated, Jones is tasked with ensuring workers who are familiar with the traditional system can collaborate with those who specialize in implementing the new system.

And even once the updates take place, there's a concern for a potential attack, Gibbons said, adding that Network Rail could "absolutely" be hacked.

"We're looking at a system that's largely based on Victorian technology," he said. "You look at the growth numbers and what the government wants us to do, and you can't do that with the technology we have. We have to put more trains onto the infrastructure, and to do that we can't use the current systems and signal boxes we're using."