Rail cyber security: A family business
...or "How I discovered that my grandfather was a 'malicious cyber threat actor' during the Second World War".
For many in the railways, it’s a family business. For over 150 years, generation after generation has passed down skills and made the railway the lifeblood of their families and communities: the ties run deep. For many years I thought that I had stumbled into a career in railway systems engineering and safety through an early career punt on what I thought was a quirky project to design an LED railway signal. But looking through the census recently I was reminded of something I already vaguely knew: in 1901 my great-great-grandfather, Arthur Breathwaite, was a Station Master, residing at Railway Cottages, Borehamwood. Recently I’ve discovered another link to the railway in my family history. It wasn’t quite what I expected…
The birth of railway cyber security
Over lockdown, I finally finished writing a book about my grandfather’s war history. His name was Jaroslav Bublík and he and his cousin, Josef, escaped from occupied Czechia in 1930 after Hitler forcibly took their country. They joined the French Foreign Legion in the Lebanon and after fighting in the Battle for France, both eventually landed in the intelligence services of their exiled country, based in and around High Speed 2 territory in Beds, Herts and Bucks.
My grandfather was a linguist and signaller. He was therefore recruited to train radio agents to be dropped back in their home country and to maintain radio communications with agents in the field. This included the famous agents Jozef Gabčík and Jan Kubiš, who, on being dropped, assassinated the SS leader and ‘Protector’ of Bohemia and Moravia, Reinhard Heydrich, in arguably the most famous act of resistance in the Second World War.
My grandfather was based near Leighton Buzzard, in a radio station equipped with the latest technology from the famous code breaking centre at Bletchley. The small team there were able to communicate with Bletchley instantly using teleprinters - the email of their day - and communication cables criss-crossed the area, under the feet of Network Rail’s current HQ at Milton Keynes. As representatives of a sovereign state on British soil, the Czechoslovaks were allowed to develop their own ciphers and codes. At one point in 1943, one of the agents in the field, Stanislav Srazil, was captured by the Gestapo and forced to send disinformation, in an early example of a ‘man in the middle’ attack. Srazil included a secret code in his messages to indicate to the men in Leighton Buzzard that he was captured. Communications continued regardless, to keep Srazil alive for as long as possible - efforts that were ultimately fruitless. All of these actions, defenses and counter actions have their parallels in the modern world of digital communications.
And what of Josef Bublik? He was parachuted into Bohemia at the same time as the Heydrich assassins. His mission? To blow up a railway bridge.
Operation Bioscope: a malicious attack on critical national infrastructure
Josef Bublik was a member of Operation ‘Bioscope,’ whose purpose was to sabotage two different targets in East Moravia. The first target was the transformer station at Vsetín, which was critical to the supply of electricity in the area. The second was a railway bridge at nearby Hranice, which was part of a key supply route. Then, as now, the vital importance of the railway to logistics was understood. Unfortunately, the mission’s leader was caught by the Gestapo not long after landing and their vital equipment taken. Josef and another team member then went into hiding in Prague.
The story of Josef’s ultimate demise (along with Gabčík and Kubiš) in the aftermath of the Heydrich assassination is a famous one that has been immortalised many times in film and print. More about this story is described in my recently published book (shameless plug): ‘Foursquare: the Last Parachutist.’
Political warfare
Acts of sabotage are often valuable to the perpetrator at least as much for their psychological effect as for any practical damage that they cause. Targeting key infrastructure may impact logistics only temporarily, but any disruption is inevitably high profile and leads to the public feeling vulnerable. Such attacks are also inherently dangerous and may hurt or kill people. They are therefore a very useful political tool. It’s a lesson I was reminded of when I saw press reports of Vladimir Putin’s recent ‘state of the union address’, when he made a thinly veiled threat to use digital sabotage on critical infrastructure:
"We don't want to burn bridges, but if somebody interprets our good intentions as weakness, our reaction will be asymmetrical, rapid and harsh."
For those within the world of cyber security, the use of the word ‘asymmetrical’ was a clear nod to cyber offense, with an awareness of how damaging that would be to rival national politicians.
Putin’s statement was in the aftermath of political tensions caused by the build-up of Russian troops on the Ukrainian border and the announcement from the Czech authorities that they held Russia responsible for the deaths of two civilians and an explosion in the Czech town of Vrbetice.
This Cold War style spat took me full circle to my grandfather’s story of communist domination after the Nazis had been expelled from Czechoslovakia. So it seems the fault lines in Europe are still in broadly the same place; now, as then, we should recognise the vital practical and political imperative we have to keep our infrastructure both safe and secure.
Thanks for reading
I hope you enjoyed this edition of Tech Safe Transport. If you did, please share it with someone else who might. All views are my own and I reserve the right to change my opinion when the facts change (or even just when I think a bit harder). If you have any thoughts or comments please feel free to send me a message on Twitter. The photo image is "morse code" by herbrm and is licensed with CC BY-NC-ND 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/2.0/. Many thanks again to my ever-discerning editor, Nicola Gray.