CyberCrimeSecurity

Government’s Free Train Wi-Fi Project Has ‘No Mandatory Cybersecurity Guidelines’

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Follow on: Google +

FoI request shows train operators that apply for £50m free wi-fi fund will be left to their own devices when it comes to cyberscurity

The government has no plans to issue mandatory cybersecurity guidelines to train operators as part of a £50 million project to get free Wi-Fi on the majority of railways in England and Wales by 2017, according to a freedom of information (FoI) request

The FoI revealed that although the Department for Transport (DfT) had provided a number of suggested strategies, none of these were required to be implemented in exchange for funding.

Raj Samani, EMEA CTO for Intel Security, which submitted the FoI, said that although free Wi-Fi networks on trains would not pose unique technical risks, the popularity among commuters would make them prime targets for cybercriminals.

Security risk

Virgin Trains Beam“Train lines and stations, airports and coffee shops are particularly vulnerable, as these are popular commuter hotspots,” he told TechWeekEurope. “Hackers can access not just personal, but corporate data, meaning the potential value of an attack is increased.”

Samani said rogue Wi-Fi networks could pose as genuine free access points. Connecting to these could expose data or install malware, such as ransomware. With many commuters eager to work to and from the office, this could a potential security headache for business.

“Using public Wi-Fi is always tempting, but we have to remember that it is often neither secure nor safe,” he added. “Cybercriminals are able to use unprotected Wi-Fi to steal data – whether corporate documents being shared while ‘on the go’ or personal information. Commuters should be especially careful not to exchange payment information over public Wi-Fi.

“If commuters do need to access public Wi-Fi, it is always best to take steps to implement security. This might include using a VPN (Virtual Private Network) to ensure that all data is securely encrypted. In this way, even if a hacker intercepts their data, it remains safe.”

Train Wi-Fi

A number of train operators already offer wireless connectivity on several routes, but the government wants to expand this network by requiring all bidders in future franchise auctions to make provisions for wireless connectivity.

However the £50 million pot was designed to encourage four operators – Thameslink, Southern and Great Northern (TSGN), Southeastern, Chiltern, Arriva Trains Wales – which had no Wi-Fi plans in place and there were no auctions scheduled for two years. These firms were invited to bid for grants, funded by fines levied against Network Rail for missing punctuality targets.

The Department for Transport (DfT) has been contacted for comment.

Minister for the Digital Economy Matthew Hancock reiterated the government’s plans to eradicate notspots at the Broadband World Forum (BBWF) in London last week.

Virgin Media CEO Tom Mockeridge objected to this, arguing that if the government was serious, it would ensure there was in-tunnel Wi-Fi and 4G on Crossrail. Transport for London (TfL) has told TechWeekEurope there will be connectivity on the Elizabeth Line when it opens in 2018.

Think you know your transport tech? Find out with our quiz!