Trains all over Denmark stood still for hours: Hackers had installed cryptominers on the servers
Later it turned out that the crash was due to an attack on the system supplier Supeo.
On Saturday 29 October, DSB's trains stood still for a few hours, up to three, after problems with “The Digital Backpack 2”. The IT system is used to distribute critical information about speed restrictions and maintenance work along the railway network to train drivers.
– We are very curious about the security gap, but we simply do not have the answer to it. This is a matter we must delve into, said head of information Tony Bispeskov at DSB – formerly Danish State Railways – to the Danish national broadcaster DR when the problems first became known.
– Very strange
The Danish train company received a lot of criticism from various quarters, among others from professor of digitization Jan Pries-Heje at Roskilde University, because it does not have proper backup solutions in place.
– It is very strange that you have to stop all train traffic in Denmark because you do not have backup systems. It is simply not good enough, he stated to Version2.
It wasn’t until four days after the train stop that DSB was ready to be interviewed about the incident.
The incident turned out to be a hacker attack on subcontractor Supeo. The hackers had gained access to the company’s test environment, and since the subcontractor was not sure whether the production environment was also affected, the company chose to take down both parts.
Offline mode does not work
Security manager Carsten Dam Sønderbo-Jacobsen at DSB tells Version2 that it was not a problem in the beginning.
The system is supposed to function in offline mode, but this time the shutdown also caused consequential errors in DSB's IT operating environment, which meant that the backup solution did not work as it should.
Since the emergency procedures did not work, train operations also had to be suspended.
– As soon as Supeo found out that the production environment was not compromised, we opened up for normal operation again, says the security manager to the Danish online newspaper.
Installed cryptominers
Apparently, the attackers were not looking to take down the Danish railway.
Investigations showed that they had used an insecure port and installed software to mine cryptocurrency in the Danish subcontractor's test environment.
However, DSB is not entirely comfortable with that explanation, and is conducting a thorough analysis to get to the heart of the problem.
The Danish train company promises that over time they will put in place better backup solutions that will ensure that similar problems do not arise again.
– We feel convinced that it was not about sabotage or espionage, but about financial crime, says head of security Dam Sønderbo-Jacobsen.
Poor third-party security
In Norway, the National Security Authority (NSM) has for some time warned of attacks on the supply chain. A survey carried out by DNV in May this year showed that the supply chain is more or less forgotten by Norwegian companies.
This is mainly because companies largely enter into long-term contracts with small subcontractors.
DNV sees a large backlog in built-in safety because the development of global interconnectivity has gone faster than the protection requirements that are set, told
when we last spoke to him.
– Most companies that have socially important functions set internal requirements for proper security. So we have come a long way there. But the dependencies we have on other companies, often private, are forgotten, for example IT suppliers and consultants, such as NSM director
– We often see that companies further down the value chain are more often affected by cyber incidents. That’s why it’s incredibly important to have a comprehensive overview of your assets, right down to the power supply. My admonition to you who manage this is: Make demands, and follow through and spend money on it. It is much cheaper than cleaning up.
Several train companies are taking action
The attack on DSB at the end of October has caused the other Danish railway companies Arriva Tog, Movia and Nordjyske Jernbaner to review their own emergency plans.
– The incident at Supeo and DSB means that we have to take a look at the safety of our own subcontractors, says CEO Martin Sort Mikkelsen of Nordjyske Jernbaner to ITWatch.