Tinkering around with toy trains isn't usually part of the university curriculum.
However, students are helping keep Scotland's railways safe from cyber attacks with the help of a model train set.
The railway industry is increasingly viewed as a viable target for cybercriminals with signaling and train control systems, passenger information systems, and station infrastructure all potentially at risk.
Glasgow Caledonian University has developed the only testbed of its kind in Scotland that can mimic attacks on vital systems such as level crossings and train sensors.
The real-world effects can range from inconvenient delays to mass casualties.
Controlled by microprocessors and monitored by a bespoke website, it allows researchers and students to manipulate barriers and warning lights or manipulate sensors on the train that alert operators to obstacles in its path.
In August last year, hackers broke into railway frequencies to disrupt traffic in the north-west of Poland, a major hub for Western weapons being sent to Ukraine.
The signals were interspersed with a recording of Russia's national anthem and a speech by President Vladimir Putin, the report says.
A report by the European Union Agency for Cybersecurity (Enisa) found that the majority of cyber attacks target railway IT systems, including those behind ticket systems, mobile phone apps and passenger information systems.
Dr Salaheddin Hosseinzadeh, of the cyber security department said: "Our students hack various elements of this model to see what would be possible in a physical environment.
"They can manipulate the level crossing barrier and warning lights, for example, or manipulate sensors on the train that alert operators to obstacles in its path.
"The real-world effects can range from inconvenient delays to mass casualties.”
With recent global cyberattacks on critical infrastructure, such as the Colonial Pipeline in Houston, Texas, Dr Hosseinzadeh said the need for robust cybersecurity measures has never been more apparent.
He emphasised the significance of the project in addressing these threats: “The Colonial Pipeline attack left vast parts of the USA without fuel.
"That is just one example of many recent massive cyber-attacks on worldwide critical infrastructure.
"By using our testbed, our students can see, first-hand, the effects of such an attack on a rail network.
"More importantly, having seen what is possible for hackers, the students then learn how to stop these attacks and make the network more robust.
“Therefore, the initiative not only provides hands-on experience for budding cybersecurity experts but also serves as a vital research platform for developing innovative solutions to protect critical infrastructure
Dionysio Voutos, a fourt-year student said: “From an educational point of view, this is fantastic.
"Students cannot experiment in a real-life critical infrastructure network because of the potential for error.
"The testbed gives us the next best experience of putting into practice all that we have learned and allows us to hone our skills in a safe, but realistic, environment.
Plans are now under way to digitise the model, making it accessible to remote learners, and to collaborate with rail-industry experts to further enhance its capabilities.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel