Will Generative AI Enhance or Undermine Rail Cybersecurity?


Technologies are becoming more predictive, more intuitive and more sophisticated, and generative AI is the symbol of this movement, one which can drive productivity, but the uncertainty of its potential also raises security questions. Curating personalised content for customers, producing data-informed marketing campaigns, and improving efficiencies in software engineering, are just some of the ways generative AI is already supporting businesses, and for rail, like other sectors, this could mean significant energy and resource is saved. 

An industry which is historically quite careful about introducing innovations, mainly due to the investment and time needed to build new tracks or vehicles, generative AI could be of huge benefit from a rail tech security perspective, as long as the cybersecurity risks associated with its mobilisation are anticipated and mitigated.

Weaponising AI

Often cybercriminals manipulate us – the public, employees, and inadvertent accomplices – to invite a virus or other form of attack into our systems. Generative AI is capable of this type of subterfuge with ever-increasing potency. From the rail perspective, with the right prompt, an engine such as ChatGPT trained on a dataset of specific vulnerabilities can author malicious code, directly targeting those weaknesses across the rail ecosystem. 

Inconsistencies in third-party vendor security mean some will be more susceptible to breaches than others, leading to unintended exposure of proprietary information. Malware or other dangerous packages are more likely to be spread as a result of deepfakes and natural language imitation. 

Only a few months ago, the Future of Life Institute released an open letter with 1,100 signatories calling for a six-month pause on the development of AI models until better controls could be put in place. Undoubtedly, weaponised AI is dangerous to rail cybersecurity, but this does not mean its recent rise has been met with primitive defences.

Security teams adapt to emerging threats all the time, whether the origin is from an opportunistic hacker, a nation-state adversary, or generative AI. Unique rail tech systems, which include signalling, command and control, auxiliary, comfort, and public applications, need a security platform that provides rail operators with the visibility and guidance to proactively monitor and manage cybersecurity and risk across the whole system landscape. 

Generative AI threats are unlikely to be countered using strictly preventative security techniques – on the other hand, cyber security tools driven by AIand monitoring the entire operational rail tech environment ensure a deep understanding of activity across multiple rail tech systems, and through its learning mechanisms will recognise how cybersecurity threats manifest, and so can locate, mitigate, prevent and respond to cybersecurity events when they occur.

The place of AI in rail

Stepping outside the parameters of cybersecurity, AI has a vital role in supporting the rail tech systems underpinning rail from scheduling services according to customer requirements to analysing data from multiple sources – ticket sales, surveys, weather forecasts, and social media – to project demand and build into capacity planning. Rail is familiar with AI and has embraced its utility. Likewise, when it comes to cybersecurity, solutions have developed to keep pace with the complex criminal actor who has a rail in the crosshairs. AI can and must be part of the solution. 

Generative AI can inform cybersecurity protocols, identifying where risks may come from or isolating the vulnerabilities most in need of remediation. Through large language models, cybersecurity teams can interrogate their networks and rail tech systems, as well as the supply chain, to determine gaps and design risk management plans. AI models are instrumental in overseeing and reporting patterns and anomalies in network traffic, detecting real-time cyber threats, and improving incident response. 

AI algorithms can also strengthen authentication mechanisms and protect sensitive data. Additionally, AI can help in training and educating cybersecurity professionals by providing simulated scenarios and assisting in the analysis and treatment of potential vulnerabilities. Whether it is generative AI or, for that matter, any other cyber threat, the intent of the cybercriminal is the same – to obstruct and sabotage information or control systems, often through social engineering to launch an attack or disrupt critical operations. It is up to cybersecurity experts to stay one step ahead of the cybercriminal, and generative AI in rail tech security platforms is one tool at the CISO’s disposal.

In rail’s defence

Due to rail’s unique architecture consisting of legacy operations and multi-faceted, interwoven systems, we need specialised, rail-specific cybersecurity solutions which understand the rail tech portfolio and the challenges it faces. This will include those emerging cybersecurity challenges derived from generative AI. The effect may be more clinical, but it is the same – jeopardising rail operations and putting businesses and people at risk. The greater the expertise and experience of rail coupled with cybersecurity, the better the chance of taking advantage of AI for the defence of the sector rather than its downfall.