On Track: Cervello keeps railways safe from cyber threats
Co-founder and CEO Roie Onn shares how his Israeli startup, developer of a leading rail cybersecurity solution, has successfully broken into one of the world's oldest and most critical industries
In the climactic scene of the hit 1990 movie “Back to the Future Part 3”, Doc Brown and Marty McFly are seen racing their horses through the plains of the old west as they chase after a speeding locomotive they must commandeer in order to return to the year 1985. When they finally manage to jump aboard the train, they put on their bandit masks and point their guns at the engineer.
“Is this a holdup?” the frightened conductor asks with his hands raised high in the air.
Doc shakes his head, “It’s a science experiment.”
Just as rail travel has advanced significantly since the days of the old west, so has rail security. Today’s greatest rail dangers are no longer from masked bandits (or time travelers, for that matter) on horseback, but from cybersecurity threats from individuals or groups sitting behind computers conducting their own ‘experiments’, if you will.
Enter Cervello, a leading rail cybersecurity solution which in a few short years since its founding in 2019 has successfully broken into one of the world's oldest and most critical industries, railway. The Israeli startup, which has raised $19 million to date, was formed by Roie Onn (CEO), Shaked Kafzan (CTO), and Nadav Avidan (COO), three officers and graduates of elite IDF intelligence units who met and bonded in the Zell Entrepreneurship Program at Reichman University in Herzliya where the company was born. Cervello currently has 31 employees, with the majority working out of the startup’s R&D headquarters in Tel Aviv. This month, Cervello became the first known company trusted to secure all railway command and control systems across an entire country, Switzerland, through its partnership with one of the most important and innovative rail organizations in the world, SBB. In an exclusive interview with CTech, Cervello’s CEO and co-founder Roie Onn shared how the company ‘got on track’.
Why is your company called Cervello?
“The word ‘cervello’ means brain in Italian and if you dive deeper, it refers to the more rational and logical part of the brain, the part that makes the calculations as opposed to the emotional side. We chose the name because we see our company as a team that is creating and developing a solution that helps perform analysis and reach a better understanding of the behavior of networks and making calculations based on that. Cervello is all about improving the thinking and the logic behind things, especially for the sake of security.”
Why the focus on rail security?
“Rail is actually one of the most central and perhaps oldest transportation sectors, serving both passengers and the supply chain. Rail is responsible for a large part of a nation’s economy and for the success of many major companies. Of course rail also helps create a greener and safer environment which consumes much less energy, fuel, and other dangerous things we are trying to rid the world of, so it carries a lot of importance for different reasons.
“Historically, rail developed and spread across the globe for different purposes, transporting people and cargo. The railroads were naturally built around more physical mechanical systems and with advancements in technology the rail industry created more electrical mechanisms and techniques. As technology advanced in the 21st century, the rail industry also has become more digitalized.”
Disrupting the rail used to involve something very physical, bandits robbing trains or obstructing the tracks, but now the greatest threat to the rail is a cybersecurity threat from an individual behind a computer.
“You are correct. That’s why I always divide the space into two separate vectors. It’s easy to prove that the railway was and is a very convenient and important target for criminals. Rail has a long history of efforts trying to disrupt and manipulate it. This is true both physically, and more recently, digitally, because it is such a crucial industry and attackers have a lot to gain from it.
“And the second vector is that rail is becoming much more digitized, both to improve, as it competes with other transportation sectors, and to be able to provide faster, more accurate, and available service so that passenger journeys are more pleasant, such as internet connectivity and enabling streaming service on trains and more. Also, let’s not forget the digital advantage of sharing the data that the rail service combines and aggregates with external services and companies that can utilize it for different purposes. This allows rail companies to financially benefit and be more successful and connected due to engagement with other industries.
“So there is a lot of motivation for this kind of digitalization which is going on, but as much as it is progressing it is also exposing itself to a lot of new threats. Also the industry cannot just stop and replace everything, even just updating and improving the existing infrastructure is very complex. So it creates this kind of combination of legacy systems which are extremely vulnerable, alongside new and modern systems. This blend of new and old generates even greater vulnerabilities.”
So the challenge is dealing with new and old systems, often at the same time?
“You need to deal with both and you need to understand the logic behind the operation of the railway because it’s not a typical network, it’s not a computing network or typical enterprise. There is a synchronization and logic for how operations are executed. There are a lot of safety measures and a lot of restrictions. You need to remember that it is a service provider and you need to help protect them. What’s important is the product of the railway company and to provide a good and safe service to its customers, whether they are a business shipping cargo or if it's for consumers for public transport.
“Rail is very different from other sectors because it’s not OT, it's not IT, it’s not IoT and it’s not infrastructure, but rather it’s some sort of combination of all of them. You need to have a solution that can very easily adapt to this complex environment and protect and cover it given all the restrictions which are in place. You can’t just bring in something generic from another industry and adapt it. You need to have a solution which is proprietary, not necessarily specifically for rail, but for this kind of concept, a fleet operator that needs to run both the infrastructure and the vehicles it is responsible for. Rail is the sector that we at Cervello decided to start with and focus on. The technology which we have developed, which is also covered by patents, specializes on this subject.”
All aboard: From Startup to Switzerland
The world of rail and rail security is so vast. How did a small Israeli startup like Cervello succeed in breaking into that space and sign a deal to secure the railway infrastructure across the entire country of Switzerland?
“Part of the opportunity that attracted us as young entrepreneurs was the fact that it was, and still is in many respects, a very conservative market. It’s not the typical high-tech scene. It’s not enterprise software. They don’t have solutions that do what we are offering them today. So, it’s not only a problem solver, it’s also an enabler towards the future. Our solutions complement what they already have in place. So it is indeed a huge opportunity because the market is vast. We see it with the contracts and deals we have already closed and with our successes.”
What are some of the recent events in the field of rail cyber security? What are the major problems?
“In recent years there have been different cases that have been exposed to the public, including some very unfortunate situations. However, these incidents don’t always necessarily lead to a train derailment or to train crashes, which is the catastrophe everyone is scared of and desperately wants to avoid. But this is not the typical use case. We work with a lot of partners and equipment manufacturers and we always demonstrate how we are capable of simulating a sophisticated cyber security attack with skills that can lead to these types of terrible situations. This naturally raises the awareness of the companies, encouraging them to take proactive measures to prevent these sorts of terrible events. You don’t need to be very sophisticated to disrupt the rail operation or the signaling network of a company. It’s important to remember that with rail, all of the service is basically locked. Today a train company that is disrupted will need to shut down everything as they try to deal with the problem because they cannot isolate one specific thing and continue as normal. Meanwhile, service continuity is crucial for the industry. The average loss for even seven minutes of service disruption of the entire fleet costs hundreds of thousands of dollars for an average company, whether it be passenger trains or freight. Even a slight delay can cost a company not only money but their public reputation and lead to a loss of passengers or clients.”
Speaking of shutdowns, how did the global pandemic, the ultimate global disruption, affect Cervello?
“Surprisingly, a lot of good things came out of the pandemic period for us. We took advantage of the fact that most of the infrastructure managers in the world are governmental and fortunately for us governments did not lose a lot of money compared to the commercial side of the world. So governments took the opportunity of the lockdowns to invest in their infrastructure. Suddenly they had time for things they never had time for or pushed off in the past. They were able to think in a more modern way. This allowed us to achieve things during the pandemic period that we didn’t think were possible. For example, we deployed our solution remotely, we did different projects as a SaaS with railway companies, and we trained people remotely. We were able to conduct tasks that might have previously taken months in mere days. Before the pandemic we were very conservative in our thinking and believed we needed to fly everywhere to get things done, to install things only physically and on-site, that nothing could be shared outside the networks, but the pandemic turned out to be a huge boost for us. Together with our clients we learned to think differently and to think digitally. We quickly learned there is not just one way of doing things. I believe that the pandemic, at least for us, pushed the industry five years forward; we never would have gotten to where we are today so quickly otherwise.”
So, where do you see Cervello in five years from now?
“We see ourselves leading the rail cyber security sector and working with a significant portion of the leading companies in the rail field today and also branching out to different sectors that are equivalent to rail. There are a lot of opportunities and there is already significant interest in our technology coming from these other sectors.”
Israel is known as the ‘startup nation’ and also the ‘cyber nation’, but certainly not the ‘transportation nation’. What can companies like Cervello do to help its image?
“You hit the nail on the head. The infrastructure in Israel is not the best, but it is improving, like the light rail in Jerusalem and hopefully soon the one being built in Tel Aviv. We at Cervello have engagements with all the potential rail companies in Israel and this is something that is very important to us because we are a proud Israeli company.”