Why Awareness Matters
Cyber incidents in transport do not stay digital for long.
Real incidents are usually the fastest way to explain why cyber readiness matters in rail and wider transport. The pattern is consistent: problems in passenger information, ticketing, support tools, suppliers, and legacy operational systems can all turn into service disruption.
Every cautious decision compounds resilience.
Rail operators carry a mix of customer data, supplier dependency, operational technology, and public trust. That means seemingly small judgment calls, like a clicked link or ignored anomaly, can move fast into service disruption.
- Third-party and supplier dependencies keep showing up in real transport incidents.
- Passenger-facing systems may not be safety-critical, but they still create disruption, reputational damage, and operational workload.
- Legacy radio and OT environments can stay exposed for years when authentication and segmentation lag behind.
- Teams with credible manual fallback processes usually absorb impact better.
Questions worth asking after every case
- Which services would we have to run manually for the first 24 hours if core systems were unavailable?
- Which suppliers or support tools could interrupt operations even if our own network stayed intact?
- How would we separate customer-information disruption from genuinely safety-critical degradation?
- Who needs to be told first when an incident affects service delivery, customer data, and public confidence at the same time?
2017
NotPetya at Maersk
Impact: Port and cargo operations were disrupted globally, and Maersk later said the incident could cost $250 million to $300 million.
Why it matters: A destructive IT event can become a transport operations crisis quickly, even when attackers never touch safety systems directly.
Source: Reuters / Fortune
2022
Belarusian Railway disruption
Impact: Ticketing and internal railway systems were disrupted after activists said they had breached and encrypted systems to slow Russian troop movement.
Why it matters: Rail systems can become direct targets in broader geopolitical conflict, and customer-facing disruption may only be one part of the impact.
Source: Railway Technology
2022
DSB supply-chain outage
Impact: A compromise at subcontractor Supeo led to several hours of train standstill in Denmark because drivers could not access a key support application.
Why it matters: A supplier issue can still stop the railway, even when core infrastructure is not the direct target.
Source: Reuters / Euronews
2023
PKP radio stop-signal hack
Impact: More than 20 trains were halted in Poland after attackers abused an unauthenticated emergency radio-stop command.
Why it matters: Old signalling and radio assumptions can leave safety-adjacent systems exposed long after the weakness is publicly known.
Source: WIRED
2024
Transport for London cyber incident
Impact: TfL detected a cyber incident on 1 September 2024 and only restored some customer functions, such as journey histories and refund features, in December.
Why it matters: Even when services keep running, recovery for customer systems, data handling, and public confidence can be long and resource-heavy.
Source: Transport for London
2024
Network Rail station Wi-Fi incident
Impact: Wi-Fi at 19 major UK stations was suspended after an unauthorised change to a landing page pushed extremist content to passengers.
Why it matters: Systems that look peripheral can still create public alarm, reputational damage, and immediate operational overhead.
Source: The Guardian / Network Rail statement
2025
Ukrzaliznytsia cyberattack
Impact: Ukraine's state railway said a targeted cyberattack hit passenger and freight systems, forcing ticket sales back to stations and trains until services were partially restored.
Why it matters: Manual fallback, staffed counters, and resilient offline processes are not old-fashioned. They are part of continuity.
Source: Reuters