We all know the trouble Southern Rail are in right now – the dispute with the RMT and ASLE&F are just part of the story with this train operating company.
It seems though that the automatic ticket issuing machines could be at risk of cyber attack, with the reduced numbers of station staff, and the remote management of the devices on stations, perhaps the IOT (Internet of Things) has its part to play too.
According to a report in “SC Magazine” (“Southern Rail ticket kiosks allegedly open to cyber-attack” ):
“Information kiosks used by Southern Rail in stations with fewer staff are wide-open to cyber-attacks, according to a security researcher.”
Whilst these methods of accessing information and/or issuing tickets – presumably restricted to credit or debit cards (Using cash might be another security risk) – are and will continue to be a benefit. Some of the risks with technology, and especially the wider use of Internet connectivity and IOT surely demands more attention to security for the passenger as well as the train operator?
Also quoted in the SC Magazine article are these interesting points:
Javvad Malik, Security Advocate at AlienVault:
“Any public facing device and software will always be a target for attack by criminals. The onus is always on the company to lock down and harden systems as well as have monitoring controls.”
Mark James, IT Security Specialist at ESET:
“Sadly keeping security up together is not always as simple as it seems. As systems develop and mould into the gateways we use each and every day to achieve our tasks, the underlying software often is cobbled or stuck together as more and more is added. When it comes to making it safe and secure it’s not as easy as your average desktop PC. But when the public are using these gateways to hand over private and financial details we would expect them to be as safe as possible.”
It seems here, these machines are only for accessing information and planning journeys. Why would you go to a station to access that detail if it’s already available on various timetabling apps, available for iPhones, Androids, tablets, and of course laptop and personal computers??
From a train operators perspective, and given that Southern Rail are looking to introduce driver only trains, putting ticket machines on the platform is clearly the only option when you have taken away the guards/conductors who ere able to issue tickets on the train.
Apparently, the machines are currently out of use as an investigation into their security is progressed.
In ICT security matters – attention to detail is vital – from both the comments and observations on these terminal devices, there seems to be a number of potential hazards that must be addressed.
Quick fix solutions don’t work, buying products off the shelf and assembling them like a jigsaw won’t help either – the solution needs to address the basic functions of the business, its customers, and the capacity and capability of the systems.
We will await the results with interest.