Tinkering around with toy trains isn't usually part of the university curriculum.

However, students are helping keep Scotland's railways safe from cyber attacks with the help of a model train set.

The railway industry is increasingly viewed as a viable target for cybercriminals with signaling and train control systems, passenger information systems, and station infrastructure all potentially at risk. 

Glasgow Caledonian University has developed the only testbed of its kind in Scotland that can mimic attacks on vital systems such as level crossings and train sensors.

The real-world effects can range from inconvenient delays to mass casualties.

Controlled by microprocessors and monitored by a bespoke website, it allows researchers and students to manipulate barriers and warning lights or manipulate sensors on the train that alert operators to obstacles in its path.

In August last year, hackers broke into railway frequencies to disrupt traffic in the north-west of Poland, a major hub for Western weapons being sent to Ukraine.

The signals were interspersed with a recording of Russia's national anthem and a speech by President Vladimir Putin, the report says.

A report by the European Union Agency for Cybersecurity (Enisa) found that the majority of cyber attacks target railway IT systems, including those behind  ticket systems, mobile phone apps and passenger information systems.

Dr Salaheddin Hosseinzadeh,  of the cyber security department said: "Our students hack various elements of this model to see what would be possible in a physical environment.

"They can manipulate the level crossing barrier and warning lights, for example, or manipulate sensors on the train that alert operators to obstacles in its path.

"The real-world effects can range from inconvenient delays to mass casualties.”

With recent global cyberattacks on critical infrastructure, such as the Colonial Pipeline in Houston, Texas, Dr Hosseinzadeh said the need for robust cybersecurity measures has never been more apparent.

He emphasised the significance of the project in addressing these threats: “The Colonial Pipeline attack left vast parts of the USA without fuel.

"That is just one example of many recent massive cyber-attacks on worldwide critical infrastructure.

"By using our testbed, our students can see, first-hand, the effects of such an attack on a rail network.

"More importantly, having seen what is possible for hackers, the students then learn how to stop these attacks and make the network more robust.

“Therefore, the initiative not only provides hands-on experience for budding cybersecurity experts but also serves as a vital research platform for developing innovative solutions to protect critical infrastructure

Dionysio Voutos, a fourt-year student said:  “From an educational point of view, this is fantastic.

"Students cannot experiment in a real-life critical infrastructure network because of the potential for error.

"The testbed gives us the next best experience of putting into practice all that we have learned and allows us to hone our skills in a safe, but realistic, environment. 

Plans are now under way to digitise the model, making it accessible to remote learners, and to collaborate with rail-industry experts to further enhance its capabilities.