Cybersecurity risks of A.I. for Dutch Railways.

Dimitri van Zantvliet
NS-Techblog
Published in
3 min readDec 6, 2022

--

Artificial intelligence (AI) has become increasingly prevalent in the transportation industry, with Dutch Railways (NS) being no exception. With the implementation of AI in various systems, such as train scheduling and passenger information, NS has been able to improve efficiency and provide better services for its customers. However, the integration of AI also brings about new cybersecurity risks that must be carefully considered and addressed.

Train of the future by Don Lawrence

Threat landscape

The threat landscape for AI systems is constantly evolving, with new threats emerging all the time. One major threat to AI systems is the use of machine learning algorithms to create fake data or manipulate existing data. This can be used to trick the AI system into making incorrect decisions, leading to disruptions in services and potentially even safety hazards.

Another major threat is the use of AI in cyber attacks, such as in phishing scams or malware. With the ability to mimic human behavior and adapt to changing environments, AI can be used to bypass traditional security measures and infiltrate systems more effectively.

In addition, the increasing interconnectedness of AI systems creates a larger attack surface, making it easier for attackers to access and exploit vulnerabilities in the network. This is particularly concerning for NS, as the railway network involves multiple systems and stakeholders, making it difficult to secure and monitor.

Attack surface

The attack surface for AI systems can be broken down into three main areas: the data used to train the AI, the AI algorithms themselves, and the systems and networks in which the AI operates.

One major vulnerability in the data used to train AI systems is the potential for bias. If the data used to train the AI is not representative of the real world, the AI may make incorrect assumptions and decisions, leading to errors in its operations. This is particularly concerning for NS, as biased AI algorithms can result in unequal treatment of passengers, leading to compliance issues and potential legal repercussions.

Another vulnerability in the data used to train AI is the potential for data poisoning. This is when attackers intentionally insert fake or malicious data into the training dataset, leading the AI to make incorrect assumptions and decisions. This can result in disruptions in services and potentially even safety hazards.

The AI algorithms themselves can also be vulnerable to attack. One major threat is the use of adversarial machine learning, in which attackers manipulate the inputs to the AI algorithm in order to trick it into making incorrect decisions. This can be used to bypass security measures or cause disruptions in services.

Finally, the systems and networks in which the AI operates can also be vulnerable to attack. This includes the hardware and software used to run the AI, as well as the networks and communication channels used to transmit data. Vulnerabilities in these systems can be exploited by attackers to gain access to the AI and manipulate its operations.

Compliance

With the increasing use of AI in the transportation industry, it is important for NS to ensure compliance with relevant regulations and standards. This includes the General Data Protection Regulation (GDPR), which requires organizations to protect personal data and ensure transparency in the use of AI.

In addition, NS must also ensure compliance with the Railway Safety Act, which sets out requirements for the safety of railway operations. This includes the requirement for railway companies to assess and manage risks, including those related to the use of AI.

Ensuring compliance with these regulations and standards involves a number of measures, including the implementation of robust security measures to protect against cyber attacks, regular assessments of the AI algorithms to identify and address potential biases, and transparent communication with passengers about the use of AI in NS operations.

Conclusion

The integration of AI in Dutch Railways (NS) has brought about numerous benefits, including improved efficiency and enhanced services for passengers. However, the implementation of AI also brings about new cybersecurity risks

Colofon:

This article was 100% generated by chatGPT from chat.openai.com on December 5th 2022, 8.25h using the following query: “write a 1500 words article on cybersecurity risks of artificial intelligence for Dutch Railways using themes as threat landscape, attack surface and compliance.”

;-) Dimitri van Zantvliet, CISO Dutch Railways

--

--

Dimitri van Zantvliet
NS-Techblog

dad, husband, friend, explorer, cyber geek, wonderer..and CISO of Dutch Railways