Land transport and cybersecurity: the importance of a responsive, available and trusted network

When cyber threats target road and rail

With digital technology increasingly connecting public transport networks and road and rail infrastructure, cyber risk is on the rise. Stormshield provides support for the land transport sector, ensuring that new road and rail services (tolls, signalling, e-ticketing, wifi, etc.) remain operational and safe for all users.

Facing human and economic issues on land transport

“Land-based” transport is a critical activity because it presents major human and economic risks: in the event of a failure, traffic regulation, signalling and switches can be disrupted. In the event of a cyberattack, the remote control of metro trains is no mere science fiction scenario.

To ensure the performance and resilience of these critical IT networks, they need to be segmented using our Stormshield Network Security (SNS) firewall range. These firewalls prevent both known and unknown attacks based on an in-depth contextual analysis of operational protocols. This analysis also includes fine-grained control of authorised messages and the use of custom patterns. Our network protection solution also offers very high availability thanks to its bypass functionality and its Intrusion Prevention System (IPS), which is optimised for low induced latencies. At the same time, our Stormshield Endpoint Security (SES) product provides an effective solution for blocking advanced attacks against endpoints and network components.

With the Stormshield XDR offering, effectively combine Stormshield solutions with each other. Be notified of incidents based on analyses of your endpoints, networks, web files and emails before managing the response with your various security products, driven by centralised incident management. This is the ideal combination for alerting you in real time and managing a rapid, long-term response on both the network and endpoints.

Securing infrastructures that cover large geographical areas

Land transport has many critical points, with facilities spread over several countries or cities, large vehicle fleets, railway stations, metro stations and toll booths. When dealing with such large infrastructures, teams of administrators need to be able to easily deploy and manage security equipment without necessarily relying on local experts.

This is the mission of our centralised management solution Stormshield Management Center (SMC), which allows SNS firewall(s) to be pre-configured using the USB staging process. In addition to the centralised management of multiple distributed SNS solutions, the SMC solution also enables VPN management and filtering to be combined into a single interface. For an even clearer overview, take advantage of the unified presentation of event logs from your SNS firewalls with Stormshield Log Supervisor (SLS).

Protect sensitive data shared in critical environments

Land transport includes a wide variety of vehicles (high-speed trains, trams, etc.) that need to be contactable wherever they are, and whatever their connection means. Our Stormshield Network Security (SNS) solution manages disconnections and network link changes by managing multiple WAN accesses and changing links based on their availability. In the event that a vehicle or item of equipment is temporarily unreachable or unavailable, the Stormshield Management Center (SMC) solution handles deferred and automatic configuration deployment.

Our Stormshield Network Security (SNS) firewalls’ IPSec site-to-site VPN creates an encrypted tunnel that manages the authentication, confidentiality and integrity of information exchanged between vehicles and remote and distributed computing centres. With the VPN secrets physical storage module (TPM) and SNS's Restricted mode, trade secrets, defence secrets and other traffic control data are well protected.

Answer to specific intervention requirements and environments

For vehicles or equipment that are difficult to access physically, we provide your teams and third-party service providers with secure remote access via the mobile SSL and IPSec VPNs of our Stormshield Network Security (SNS) solution and its user authentication for network data flows.

We have also created hardened firewalls that are easy to mount in electrical cabinets for these constrained environments (size, temperature, moisture, dust, etc.). They can be installed as close as possible to the equipment requiring protection, without a computer rack.

Regulation to meet the transport challenges

Because a cyber attack in the transport sector can result in physical injury and environmental damage, organisations in the sector are governed by a series of cyber rules and standards. In addition to the national level, these organisations must comply with European cybersecurity regulations such as the NIS and NIS2 directives, the RGPD or the Cybersecurity Act. Other standards (such as Common Criteria EAL3+ & EAL4+ or the ISO/IEC 27000 series for example) are not mandatory under current legislation but help to improve the level of cybersecurity of companies in the transport sector.

Stormshield products help companies to comply with these requirements by improving the cyber resilience of their infrastructure. For example, Stormshield Network Security (SNS) and Stormshield Endpoint Security (SES) products enable Critical Service Operators (OESs) to deploy security solutions that improve the level of protection of their critical information systems. For example, Stormshield Network Security firewalls provide network segmentation, remote access security, user authentication and vulnerability management. To find out more about how Stormshield products comply with cyber regulations in the transport sector, read our dedicated document.

With Stormshield, cyber-serenize your transport activity. Our teams are on hand to understand the needs of your network or infrastructure and provide you with the most effective solutions. Network protection, endpoint protection, data protection: find out how to combine cybersecurity, sovereignty and cyber-protection.