Tushar, Author at anteelo

Major Trends that will affect Cyber Security

Posted on 14/08/202009/06/2021 by Tushar

Will this year be as tumultuous as 2020? Let’s hope not. But one thing won’t change: In 2021, as is the case every year, companies will continue to be challenged by new or evolving cyber security threats.

We expect 5 security trends that emerged or accelerated last year to demand even more attention from organizations this year. Here is a look at key threats, potential vulnerabilities and defense strategies in 2021:

Zero Trust becomes more relevant than ever

While the concept of Zero Trust has been around for over a decade, only now is it becoming a viable defense strategy. Today, every endpoint including remote PCs, smartphones, tablets, IoT sensors, containers, virtual systems and cloud resources is susceptible to attacks.

Traditional defenses are meaningless in an environment where the traditional network perimeter is slowly dissipating. It’s not just a matter if these assets will be compromised, but when. The only safe response is to trust nothing on your network and assume the environment is compromised. The premise of Zero Trust management is that to be secure, organizations must verify and authenticate access in a continuous manner.

In 2021, the rise of machine learning is paving the way for Zero Trust. Machine learning can be used to help document baseline user behavior and detect anomalies in actions. For example, if you normally log in from London, but today you’ve logged in from Hong Kong, the system recognizes this anomalous behavior, blocks access and triggers an alert to raise an investigation.

Applying Zero Trust will become an integral part of every organization’s business behavior as a way to future-proof the protection of data and assets.

Remote working is your new threat vector

As a result of government-mandated stay-at-home orders, remote working grew faster than anyone could have foreseen in 2020. Approximately 40 percent of the global workforce shifted to working from home or other remote locations. What’s more, the transition happened practically overnight and is expected to settle into a long-term trend.

Traditional security strategies, developed for staff working in the office within the same corporate network, are insufficient. In many cases, home routers and networks are not secure, and family members’ computing devices may be easily compromised.

What’s needed in 2021 is a new way of operating to work securely from remote locations. It will require changes in behavior, such as keeping access to corporate data from a home network to a minimum. Organizations must verify access to data and assets using various authentication methods that require human intervention and leverage new technologies, such as remote browsing or remote terminals, where no actual data is transmitted to the computing device at home.

Such changes, once unthinkable and impractical, will be crucial to securing work-from-home environments.

5G wireless offers new opportunities, enables new threats

After being touted for years as wireless networking’s next big thing, 5G is finally becoming mainstream. Apple introduced its first 5G-capable iPhones in late 2020, and telecom providers worldwide have rolled out 5G services.

5G computing with its high-speed connections and improved network reliability should empower organizations to quickly deploy compute servers, IoT sensors and other devices on the edge in remote hubs.

The features of 5G, however, can pose new threats if not well-managed. If infrastructure is not carefully secured, adversaries can exfiltrate information very quickly and in large amounts from compromised environments, thanks to 5G’s blazing-fast bandwidth.

Another concern is that most endpoint devices are not designed to deal with a high-volume network, which means adversaries could use 5G bandwidth to easily overwhelm network assets through denial-of-service attacks.

Ransomware moves one step ahead

Ransomware dominated headlines in 2020 and security experts have developed new tactics for responding to these threats. For example, by studying ransomware campaigns, security teams can deduce the decryption keys needed to unlock systems without having to pay the ransom.

Cyber criminals are aware of such countermeasures and are already developing ransomware encrypted at the code level. This means cyber security teams will have to wait for the code to run before it can be studied, thus slowing the development of countermeasures.

Attackers are also rewriting ransomware code to infect the firmware of computing devices and ensure perpetual presence in the victim’s environment. Code that is running at the firmware level may not be detected, stopped or removed by antimalware software.

As this malware cannot be simply overwritten, once a device is infected, the hardware must be either replaced or sent back to the factory to reinstall the firmware.

Cyber analytics drives more data-driven decisions

Organizations are starting to understand the importance of using data to improve business decisions. Operational data can give insights about potential growth and cost-savings opportunities, and how to optimize business process.

Security operations, like other parts of business, are harnessing operational data to understand how business events tie to security events. Organizations can use cyber analytics and AI to predict when and where attacks are most likely to occur so they can then focus their investments to achieve the greatest protection.

AI systems must target aspects of operations unrelated to security that can be correlated with past security events. For example, an AI system might determine that most attacks occur 3 days before quarterly financial results are due to be publicly reported. With that information, organizations can proactively bolster security protections prior to the next public disclosure.

In 2021, such pre-emptive knowledge will help organizations plan ahead. However, to succeed they must thoroughly analyze and understand all the data they collect about operations and business behavior.

Thankfully, 2020 is behind us, but new threats await. Protecting enterprises this year will require new cyber defense strategies and tactics, and better threat intelligence.

Building A Cyber-Resilient Culture

Posted on 13/08/202009/06/2021 by Tushar

No enterprise is completely immune to cyber security attacks. Instead of focusing solely on preventing attacks, organizations should ensure they are able to respond quickly, recover and maintain operations. In other words, they should become cyber resilient.

Cyber resiliency requires establishing policies and processes that help an organization to survive and continue to execute its long-term strategy in the face of evolving security threats. Cyber resiliency should be part of a holistic approach to security that takes all aspects of the business into consideration, from employees and partners to the board of directors. Improving security is not a one-time project, but instead is a program of continuous improvement.

To become cyber resilient, enterprises must strike a balance between these three actions: protecting critical assets, detecting compromises and responding to incidents. Making the IT landscape cyber resilient requires investments in infrastructure, design and development of systems, applications and networks. At the same time, organizations must create and foster a resilience-conscious culture, of which security is an essential part.

An enterprise cyber resilience strategy includes three main components:

Adapt business and IT systems to next-generation threats. Enterprises must prepare for global malware and ransomware attacks, as well as more subtle attacks, where the adversary lurks inside the network. Begin by defining your enterprise security architecture to address prioritized risks. Get a fresh baseline of your current security stance. For example, find out how your enterprise would recover from ransomware if multiple sites, the Active Directory, and backup platforms were to become encrypted. Evaluate critical applications and their dependencies on infrastructure; then define a communications and command structure to ensure business continuity.
Update your security governance strategy. Governance is essential to successful security planning and key to attaining cyber resiliency. To ensure that your strategy measures up, incorporate strategies for protection, detection and response. Update and test business continuity and crisis management plans to cover new models of sourcing. Expand crisis management requirements to include all partners and suppliers. Make board members aware of cyber risks and the steps to effective cyber resiliency. Review and refine older access and software-patching policies and consider adopting role-based access control (RBAC) to more efficiently regulate access to computer and network resources.
Create a resilience-conscious culture. Encourage all employees — not just the cybersecurity team — to adopt a cyber resilient mindset. Stress that employees are the first line of defense when it comes to threats such as phishing and malware. Promote collaboration across teams with pertinent information about security and threats. Coach employees to share knowledge with appropriate authorities and peers both within and outside of the enterprise.

Keep looking ahead

New threats are emerging as organizations adopt new technologies as part of ongoing digital transformation. Enterprises must be prepared and properly staffed to address these challenges:

Internet of things (IoT) vulnerabilities. Consider system cyber and physical security requirements and resilience before widely deploying and depending on IoT systems. Use IoT gateways and edge devices to segregate and provide layers of protection between insecure devices and the internet to help manage the overall lack of IoT security.

Blockchain complexities. Blockchain technology, by its nature, is distributed and resilient. But blockchain moves transactions toward a decentralized model, making it essential to control private cryptography keys. When embedding security into blockchain transactions, use role-based authentication and end-to-end encryption to properly protect data.

Lack of Security Operations Centers (SOCs) resources. Examine the important role SOCs play in bringing together the resources needed to direct the defense. Define what constitutes suspicious activity, identify vulnerabilities, configure detection technologies, search for and validate active threats and ultimately notify affected parties. SOCs must manage and monitor identities, as well as ensure compliance with policies and regulatory requirements.

Transition to DevSecOps. Consider adopting a comprehensive DevSecOps model that incorporates review and governance and supports faster release schedules and innovation. Determine whether your organization can commit to the requirements necessary for success, which include changing to a culture of collaboration, building security throughout the development life cycle and evaluating technical and business risks.

Achieving cyber resiliency should be a modular transformation that evolves from a well-defined strategy to a project roadmap. Make sure you define a strategic direction aligned with business objectives, outline a plan to achieve that direction, and ensure proper execution of that plan, including decision making based on risk management.

Digital Security Strategy’s guiding concepts

Posted on 08/08/202009/06/2021 by Tushar

Digital transformation represents the greatest opportunity for the enterprise in the 21^st century. CEOs across the globe have digital innovation on their agenda as they seek to deliver innovative new business models, create new digital customer experiences, and optimize and automate their processes to enhance business performance.

BUT…digital technologies and the rapid pace of change in a digital world also threaten the enterprise through a growing cyberthreat landscape with a widening attack surface that exploits the very same digital technologies being used to transform the business.

To prevent cyberattacks from derailing your digital initiatives, we need to build security into the very fabric of the digital enterprise. Delivering secure digital transformation is about building security into the digital core platform which is the foundation for how we transform the business…put simply, we must become “Secure to the Core” and have a consistent framework for digital security transformation.

Deploying the right Cyber Defense

One of the key imperatives for secure digital transformation is the ability to monitor every aspect of technology (both IT and OT) across the business. In short, we need to Monitor Everything.

The modern enterprise requires a plethora of security tools to secure their infrastructure and endpoints (networks, firewalls, servers, storage, devices, applications, data, etc). These tools generate an enormous volume of data each day, making it almost impossible to identify and respond to true cyberthreats in a timely manner.

Intelligent Security Operations can detect threats quickly, respond to attacks rapidly, and defend the enterprise from security breaches by applying intelligence and automation to handle the enormous volume of incidents we see across the globe.

To ensure a secure core, Anteelo’s approach is to provide next-generation digital services with a high degree of automation through a Security Platform that applies lean process, deep analytics and intelligent automation to the security information and event management (SIEM) process.

We often describe the underlying technologies within this platform as SOAR (security, orchestration, automation and response).

IDC, meanwhile, describes these cybersecurity technologies as AIRO (Analytics, Incident, Response, and Orchestration). The AIRO technologies trace what is required in the Security Operations Center (SOC) to protect the enterprise network through to threat detection and formal remediation.

Whether your approach is “SOAR” or “AIRO,” either way we must apply automation and orchestration to cyber defences in order to keep up with the sheer volume of data and incidents generated across a wide array of infrastructure and endpoints.

In addition to monitoring everything with SOAR (or AIRO), we also believe in two more critical imperatives that are needed to secure the enterprise: Verify Everything and Encrypt Everything.

Verify Everything is about adopting a zero-trust approach to digital identity and access management. Enterprises engaged in digital transformation need a new approach if they are going to thrive in the digital world. The principle for security is no longer about the “where” it’s about the “who.” Success requires a comprehensive focus on digital identity management. Identity and access management can effectively establish a logical perimeter that enables digital transformation. The right identity and access management solutions prevent unauthorized access to enterprise information using multiple authentication methods with user access management and provisioning.

Privacy by Design

Encrypt Everything is about minimizing the risk of unauthorized or unlawful processing of business-critical data and avoiding accidental loss and destruction or damage to data. All sensitive data requires encryption and/or tokenization using trust services (PKI, certificate and key management), encryption solutions, and rights management. The right data protection and privacy solutions encrypt sensitive data and prevents data loss from malicious cyberattacks.

So, to enable your digital transformation journey, remember these three key security principles: Monitor Everything (with cyber defense solutions), Verify Everything (with digital identity solutions) and Encrypt Everything (with data protection solutions).

Creating a safe networking of linked devices

Posted on 07/08/202009/06/2021 by Tushar

The number of connected devices is predicted to grow to 75 billion by 2025. This will create a massively connected ecosystem, and data security will be paramount.

Many of these devices will be cyber-physical systems, which closely integrate computation, networking and physical processes. The devices consist of a physical entity and its cyber twin, which can replicate the behavior of the physical machine and give insights into how the machine will react when prompted by various actions. Connect these devices to the internet, for data transfer, and the result is the internet of things. Smart grids, autonomous vehicles and medical devices are examples of cyber-physical systems.

In cyber-physical systems, digital and physical components interact with each other in a variety of ways that change with context. For example, an offshore drilling facility transmits sensor values from devices to check that machinery is functioning; the alerts from the devices will vary depending on whether it is a normal scenario or an emergency. Similarly, a connected medical device will send an alert based upon the patient’s condition.

In all contexts, it is imperative to maintain security and privacy of the data. This is particularly true in a data-sensitive field like healthcare, where there is growing concern about cybersecurity in connected medical devices.

A secure framework for cyber-physical systems

We have created a secure framework for connecting cyber-physical systems by leveraging distributed ledger technology (DLT). DLT is a digital system for recording asset transactions in multiple places at the same time, making fraud and manipulation difficult.

Our framework addresses:

Two-way tamper-proof device communication
Financial transactions between devices (e.g., machine-to-machine micropayments using crypto currencies)
Message transfer and data storage between devices with minimal or no transaction fees and mining (network) fees

The framework integrates edge computing components, which are industry-specific (such as medical devices), and has DLT at its core for data transfer and communication.

Edge devices communicate with a central system, the Directed Acyclic Graph distributed ledger, which powers data storage, transfer and access and ensures data security and data privacy. Click image to enlarge.

Inside the framework

We developed the framework’s components using directed acyclic graphs (DAG) — specifically IOTA — as the underlying DLT technology. DAG architecture is well suited for scalability and does not carry mining fees.

IOTA uses an invention called “The Tangle” at its core. The Tangle is a new data structure, based on DAG, that takes care of data privacy needs by providing restricted and private storage and retrieval options.

We describe each component with an industry example but the components can be extended to other industries:

Financial transactions – This component stores all transactions and automates micropayments between machines without any manual intervention. This component can be directly applied to the automobile industry for vehicle charging, toll payments, parking place payments and more. Details are available in this earlier post.
Tamper-proof data transfer / two-way remote communication – The underlying DLT technology of this component ensures data security and privacy in transmission, storage and usage. One direct application is remote patient monitoring in healthcare. This can be extended to any industry that needs remote device monitoring or secure data communication (e.g., offshore drilling and its machines).
Track and trace of a device’s location with indoor positioning – This component helps track and trace sensitive assets, when knowing the status of a device or machine is paramount. For example, use this component to optimize x-ray machine use in a trusted hospital network and reduce patient wait times.
Secure over-the-air firmware updates – This component addresses the exponentially growing need to push secure firmware updates to connected devices, with tamper-proof audit trails made possible by DLT. It is applicable to all connected devices in almost every industry including automotive, healthcare, technology and energy, and utilities.

The components are designed to work online, offline and in mesh networking mode (when Wi-Fi or cellular networks are not available). For example, if connectivity is lost due to an emergency or an outage, these systems can still transmit messages in up to a 65-mile radius. This is critical because it means your medical device stays connected if Wi-Fi or cellular goes down.

Moving toward a unified Digital Security Transformation Framework

Posted on 06/08/202009/06/2021 by Tushar

Organizations pursuing digital transformation initiatives are typically doing so to achieve a variety of possible business outcomes ranging from improved customer experience to improved operational efficiency. As enterprises plan their digital journeys, they are increasingly moving to a more distributed IT environment where corporate applications reside on premises as well as in public cloud environments, and access to these applications is provided on an anytime, anywhere basis to a variety of endpoint devices.

In this type of environment, there are a number of technology-related issues that will drive enterprises to think about new security risks such as the adoption of new technology, IT architectural migration, and the implementation of new operational processes. While these issues typically drive the front end of a digital transformation plan, security is often viewed as an obstacle to a digital transformation initiative or is an afterthought and only considered after the plan and design of the digital transformation initiative is finalized.

Security as an obstacle to innovation

Technology issues like cloud migration, the proliferation of endpoint devices (or “things”) attached to the network, and the adoption of new technologies like AI and IoT can potentially create new vulnerabilities for attackers to exploit. For some organizations, the thought of digital transformation creating a need for incremental security spend above what is currently being spent can slow the pace of digital transformation or stop it entirely.

The reality is that digital transformation is driven by business objectives and the development of a digital transformation strategy must include security requirements at the outset to minimize potential technology and business risks that cybersecurity represents to an organization. What is needed is a better understanding of the business risks associated with a digital transformation plan and the potential impact to the business if those risks ever materialize.

Attempting to “bolt on” a security strategy after the digital transformation plan is in place can put an organization at significant risk once the transformation plan is implemented by not having the proper controls, processes and technologies in place. Every component of a transformation initiative brings inherent risk, and organizations must rethink their overall security posture and the effectiveness of the current security controls they have in place.

Therefore, in the shift from an organization’s current state of IT operations to their future state, IDC believes that a framework for security that includes the combination of a comprehensive security strategy in conjunction with a digital transformation strategy would provide a guide to help organizations understand where potential risks exist and how best to address the risks inherent in their digital transformation journeys. This approach brings security concerns and technical risk in better alignment to business objectives.

Accelerating the path to digital transformation securely

Reference architectures are commonly used as a template for highlighting the various components of an architecture, their functions, and the interdependencies of the functions provided through a set of interfaces. The objective of the reference architecture is to provide a level of commonality for consistent implementation and reuse. This helps to accelerate the delivery of a technology solution while ensuring consistent implementation.

When considering the architectural changes taking place in enterprise IT environments as organizations execute on their digital transformation strategies, the use of a security reference architecture can help bring business objectives and security concerns in alignment, while also accelerating the path to digital transformation in a secure manner.

Given the challenges businesses face today keeping pace with the ever-changing security threat landscape and the demands for IT to be an enabler to digital transformation, a consistent approach to implementing security at the strategy, operational and technical level is a business imperative. The use of a holistic framework that provides a consistent methodology, uses a common language and provides a step-by-step guide for embedding security into any digital initiative will help organizations streamline transformation and accelerate the time to realize real business value.

A Centralised System for Sharing Logistics Data

Posted on 03/08/202009/06/2021 by Tushar

The transport and logistics industry has been experiencing tremendous growth with the evolution of services such as Alibaba and Amazon. However, there’s one major challenge to the smooth delivery of online orders: retailers and manufacturers use different data formats for issuing and tracking order shipments.

In the absence of universal agreements for identity and access management that work across the entire industry, companies have had to draw up individual written contracts for every shipment. Customers may get their items in a reasonable period of time, but when it comes to the retailer, shipper or consumer tracking the product, there’s no uniform view of the entire shipping route as the package is on route to its final destination.

That’s why a group of forward-thinking public- and private-sector partners within the transport and logistics sector in the Netherlands have formed iSHARE, a consortium that seeks to develop a uniform standard for automatically exchanging data while shipping products following an online sale. All data and policies are stored in a central repository, enabling each partner to work with the same identification, authentication and authorization methods, thereby eliminating the need to manually type multiple contracts in order to share data and ship a product.

The Netherlands has been funding this project over the past few years, and consortium members hope that iSHARE can become a global standard. To give credibility to the notion that iSHARE will be embraced wordwide, large maritime port and airport cargo handlers – in tandem with a large U.S. retailer – have also contributed to investing in the project.

Recently, the consortium has been testing the last mile of delivery in the online food sector using crypto technology developed by iSHARE. For the last mile, solutions are being developed that can open a smart lock or box via Bluetooth or Wi-Fi with crypto tokens. Sometime soon, the delivery agent will only need an app on a smartphone or tablet to open the lock/box. A crypto token will work in tandem with policies, developed by solutions providers, that will determine whether the contents of the box need simply to be cooled or remain frozen.

Once this last mile technology emerges, then the great potential of online shopping can be realized. A Rabobank report found that total supermarket spend in the Netherlands in 2018 across 3,730 stores was 38.7 billion euros, of which 1.4 billion euros (3.6%) came via online shopping. The good news: Rabobank expects online food shopping to grow up to 30% by 2030.

Despite this promise, online food shippers still face unique challenges, namely that perishable food items need to be stored in temperature-controlled conditions and can’t just be left at a front door or on a person’s driveway. Residents must be home to receive the goods or pick them up at so-called pick-stations. An analysis by Dutch supermarket franchiser Ard van de Huijgevoort, owner of van de Huijgevoort Group, found that because deliveries can only be made when people are home, only nine deliveries are made per van, per day — well below the volume they know is possible.

But what if deliveries could be made at any time of day so that the shippers can drive the most cost-effective routes? In addition to the use of crypto tokens noted, there are systems under development that include iSHARE for data exchange in leveraging autonomous delivery and other modern food storage techniques. Ard van de Huijgevoort found that, under such a system, three to four times as many deliveries can be done in one day. Along with considerably better economics for the supermarket, this also reduces carbon emissions because the trucks drive fewer kilometers for the same deliveries.

To be sure, there are still many challenges in the transport and logistics industry, but uniform data sharing standards, such as those created by iSHARE, should accelerate improvements across the many stages of the delivery journey.

The need for Technology Plan for Renovating an Airport

Posted on 02/08/202009/06/2021 by Tushar

Experts predict air travel will grow steadily over the next two decades. The Federal Aviation Administration (FAA) reports that the number of passengers boarding planes is expected to increase from 880.5 million in 2018 to 1.3 billion by 2039. Airports are responding with massive construction programs and new processing technologies to help them handle more gates and passengers and deliver enhanced security.

Airport managers understand that deploying new technologies can be a critical component of managing expected growth. Yet too often they find it simpler and more expedient to expand their current systems rather than start construction projects with the more modern solutions. I have personally seen how this short-sighted approach ultimately costs more and adds delays to projects, as newer systems are eventually retrofitted anyway. A more intelligent strategy would be to begin projects by thinking of technology and construction from a business perspective.

How technology helps travelers

Numerous existing and conceptual technologies can make airports the efficient, high-tech facilities that today’s travelers expect. The most obvious ones include WiFi and emerging 5G technology. More sophisticated technologies include smart sensors that can determine the mood of the crowd, monitor how full trash cans are, and automate how planes park at the terminal — without human intervention. In addition, modern communications technology can tie into retail service companies so travelers can order coffee or food that’s ready for them at the gate when they arrive at a destination.

It’s all possible, and can bring tremendous benefits to airports and travelers, but it needs to be properly planned for. Airports can expect the best business outcomes when technologists are part of the design and orchestration process. Here’s how incorporating their input from the beginning of a project can enhance five key business initiatives:

1. Situational awareness

Both management and the public expect airport security to know what’s going on around the perimeter of the airport. By bringing IT into the conversation at the beginning of a project, cameras and sensors can be strategically placed around airport property to give the security team a 360° view of vehicle break-ins or other criminal incidents. In addition, video footage coupled with predictive analytics can help determine crime patterns that emerge over several months and years. Technologists’ input will ensure that there’s a good balance between ongoing support costs, the desired capability of the application and cybersecurity.

2. Improved risk management

Similarly, involving IT early in the construction process can help airports deploy sensors and cameras in optimal locations. Salt Lake City International Airport, for example, installed seismic sensors to monitor potential earthquake activity in the region. More commonly, facial recognition sensors, installed properly, can read the mood of people passing through terminals and alert security to potentially suspicious activity. Technologists and legal staff can ensure that airports don’t inadvertently take on more risks when implementing new capabilities.

3. Reduced costs

It’s always more cost-effective to allow for the technology upfront, as opposed to doing a retrofit. After all, airport construction project managers don’t want to reopen ceilings or redo wiring once a building or parking lot is done. Sometimes a new construction project provides an opportunity to “forklift” out existing technology and replace it with far more capable and easier-to-maintain equipment, which lowers total cost of ownership over time. However, the actual technology equipment should be bought later in the construction cycle — just before the implementation — to ensure it doesn’t get out of date before it’s even turned on.

4. Improved public reputation

Today’s travelers expect access to lightning-fast WiFi, self-service check-in kiosks and other digitally enabled features. Any airport renovation project that fails to deliver modern technology will likely result in negative feedback scores for the airport and a public outcry on social media. There’s no reason for that, especially when most IT teams are more than willing to work with airport management to deploy modern technologies that will improve safety and deliver a better experience for travelers. Additionally, IT staff can help guide the use of new 3D technology to simulate future environments so that all stakeholders know that the airport staff understands their concerns and intends to feature the latest technology.

5. Enhanced customer satisfaction

The best IT staff are customer-focused today, so building in the technology to help airports improve services is second nature. Airport managers can work with the airport IT staff and the carriers to install the right WiFi technology and 5G towers to facilitate all kinds of new services, such as deploying applications that can text travelers the location of the closest restroom when they get off the plane or let them know if the restroom is closed for construction. Also, airport managers should make sure IT and marketing staff can fully leverage social media to properly track and respond to concerns.

Making technology upgrades part of airport construction projects brings business value and isn’t a hard concept to grasp, but it’s essential if an airport hopes to maximize its investment. Give technologists a seat at the table – and airports can meet the traveling public’s technology expectations while in turn avoiding expensive retrofits.

The Rail Industry’s Transformation aided by Electric Trains

Posted on 01/08/202009/06/2021 by Tushar

Rail carriers are finding that the combination of electric trains coupled with computer-based transportation management systems can help them run more trains, handle increased ridership and reduce their annual power bill – sometimes to the tune of 6 percent annually.

According to Patrick Mazza, coauthor of the book Solutionary Rail (2016), electricity serves nearly 25 percent of railroad track miles and supplies more than one-third of the energy that powers trains around the world. While the United States has fallen way behind in this area, other regions, such as EU countries and India, are developing the electrification of their railways. After all, there’s a growing consensus in the rail industry that long-term, electric trains make sense in terms of reducing costs and addressing sustainability.

In his book, Mazza outlines the following benefits of moving from diesel-powered to electric trains:

Lower power costs. While prices of diesel fuel are low right now, many industry analysts estimate that long-term prices will increase. On the other hand, electricity prices are falling with the fast-growing use of renewable energy sources such as wind and solar. Even at current prices, an industry report by Amtrak estimates that it is 50 percent less expensive to power a train by electricity than by diesel.

Lower engine costs. Electric locomotive engines cost about 20 percent less than diesel locomotive engines on the global market, and maintenance costs are up to 35 percent less than for diesel engines.

Reduced pollution. Phasing out diesel-powered locomotives would reduce air pollution, including soot, volatile organic compounds, nitrogen oxides, and sulfur oxides, all of which negatively affect public health and the overall And switching from diesel to electricity would also help address the need to replace petroleum-based liquid transportation fuels with cleaner alternatives as we seek to lower greenhouse gas emissions.

On the technology front, rail carriers can now collect data and run analytics to determine how trains perform under different driving styles, in order to improve overall performance and energy efficiency. For example, carriers can analyze how four drivers manage 100 journeys in a week and determine why some drivers use more power than others even though they run the same routes.

If test data determines that some drivers stop and start more frequently or brake harder than others, the drivers could be taught to better use trains’ regenerative braking technology, which captures the energy expended by trains as they slow down. They can then re-use the power, improve energy efficiency and reduce a train’s carbon emissions. Chennai Metro Rail in India estimates that with regenerative braking, each train can generate nearly 1,900 kWh, or 30 percent of the energy consumed. Thus, by saving 30 percent of power needs, Chennai Metro Rail says their trains are cutting down carbon emissions as they reduce dependency on power supplied from fossil fuels. That’s a big savings, both for Chennai Metro and for the environment.

Although it will still take the rest of this decade to make a more complete transition to electric, many rail carriers around the world have been on this track for at least the past few years. I think it’s safe to say that people can expect electric trains to become much more mainstream around the world by 2025. Couple that with increased use of digital technologies and analytics, and our industry stands to make great strides on transforming railroads into modern carbon-neutral companies.

The Digitalization of Trains

Posted on 31/07/202009/06/2021 by Tushar

Rail systems are finally making the digital transformation everybody’s been talking about for several years.

In the United Kingdom, for example, the Thameslink now runs 24 trains an hour – an increase of 50 percent in its capacity compared to years past. Making this possible took a lot of work on the back-end. Rail carriers consolidated their control centers and built modern, computerized facilities that leverage data analytics to develop intelligence about on-time performance, delays, and overall ridership per time-of-day and season.

Rail carriers are also deploying digital enterprise asset management (EAM) systems to reduce maintenance time and improve overall productivity. These systems precisely target what needs repairs and provide an immediate and accurate status of rail stock and parts to maintenance crews. Digital EAM technology can also monitor an inventory of trains in rail yards more efficiently, ensuring more predictive maintenance as opposed to simply repairing trains when they break down.

Rail companies have also invested in sleek electric trains that run faster, with fewer carbon emissions, and are easier for drivers to manage. Regenerative braking technology, which captures the energy expended by trains as they slow down and reuses it, not only delivers a smoother ride – through fewer stops and starts – but improves energy efficiencies and further reduces pollution.

Mobile ticketing and more

Digital technologies also offer major benefits to passengers, such as mobile ticketing, the ability to leverage Alexa and other digital assistants for train schedules and weather forecasts, and automatic refunds when trains are late or offline.

The results have been impressive. The UK’s Office of Rail and Road reports that rail passenger journeys in Great Britain in 2018-19 reached a record high of 1.759 billion. They increased by 3 percent compared to the previous year, driven by a 3.9 percent increase in the London and South East sector. Total passenger revenue growth also hit 10.3 billion pounds, its highest revenue since 2014-2015. Of course, increased ridership can be attributed to a number of factors, including evolving consumer attitudes toward rail’s eco-friendly advantages or time and cost savings compared to car travel, but it’s clear that digital is making traveling by train easy, cost-effective and gentle on the environment.

Need for cybersecurity

The shift to digital from paper-based systems requires that rail carriers take a much more focused look at their cybersecurity postures. They have to put in place security awareness programs for the rank-and-file staff and also communicate with passengers on ways to protect their digital identities as they purchase train tickets online and depend on their mobile phones to manage their busy travel schedules.

On the IT staff side, rail carriers need to put solid patch management programs in place so the back-end software runs securely and threat actors have fewer opportunities to inject malware. Most security experts will say that with a solid patch management program and basic security awareness around email phishing, organizations can prevent the vast majority of cyberattacks.

Full speed ahead

While rail carriers have not moved as quickly into digital as airlines and rideshare companies such as Uber and Lyft, they have made some great progress.

As we head into the 2020s there’s really no turning back. Change comes slowly, but with investments the industry has made in back-end technology and analytics, mobile apps and faster electric trains, we’re about to turn the corner into the digital future.

Ways by which Digital Technologies might enhance the Rail Passenger Experience.

Posted on 30/07/202009/06/2021 by Tushar

Rail systems have taken a back seat to airlines when it comes to focusing on customers, but that’s changing. In the United Kingdom, for instance, Network Rail has had great success in becoming more responsive to passengers. Its Putting passengers first program decentralized services and functions, creating five regions, each with its own managing director responsible for delivering train performance across 14 routes. Digital technologies are an important part of the program. For example, Network Rail sends consistent and reliable train information directly to passengers via mobile messaging. In addition, Network Rail is now leveraging advanced analytics to enable staff to track and deploy rail assets as needed. It also uses analytics to keep trains running on time by supporting solutions that resolve adverse weather or environmental factors like leaves on the line.

Rail organizations are seeking to improve many other points of the passenger journey through innovative solutions. Delivering these digital technologies, of course, assumes that the rail system has invested in upgraded Wi-Fi and has plans to support the emerging 5G standard as wireless carriers roll it out.

Here are six ways digital technologies are improving the ride experience for passengers in the UK and around the world:

1. More efficient ticketing. Digital technologies let rail customers identify the best time of day – such as off-peak times – for the most economical fare, and make their selection online or via mobile apps. While this may not necessarily help passengers who purchase a monthly pass, it can be helpful for workers who only need to report to the office two or three times a week, for parents traveling with small children or for a caregiver transporting an aging parent to a doctor’s appointment. Students on a tight budget also appreciate having access to information that can help them plan their travel time more efficiently and economically.

2. Convenient refund service. Most commuter rail passengers tap in or out with a smartcard or smartphone. After they tap in and take their trip to work in the morning, the system can notify them via text or email during the day that there is a network disruption and that their return trip home will be delayed by 30 minutes. If it’s going to be a longer delay, the system can send passengers suggestions for alternate routes and give them a percentage-based credit to their account. If a passenger was planning a longer trip for a vacation, the system can credit the traveler with a full refund in the event the train was delayed or cancelled.

3. Synchronized coffee and food services. The airlines have tied in services where travelers can order food or coffee to be ready for pickup when they arrive at destinations or make connections to another flight. These same types of services are becoming available to commuters. In England, for example, rail passengers can now have their coffee waiting for them when they arrive at the train station in London each morning. Or they may opt to preorder a quick snack at the station for their trip home at night. These types of personalized convenient services are becoming very popular as people go about their busy daily activities.

4. Digital assistants. Given the number of people who use Alexa, Google Assistant and smartphones with digital assistants, rail companies can now leverage those tools to reach customers. Commuters can query Alexa in the morning to find out if their train is on time, or get a quick weather report to know if they should take an umbrella. If they need to deviate from their normal pattern and go to a different location, they can query Alexa on the best prices and times for a round trip on that day.

5. Mobile tickets. This may be the year that mobile ticketing becomes more mainstream around the world. For the past several years, commuters in the Boston area have been able to use their smartphones to purchase and show their tickets digitally. Another mobile ticketing project is now well under way in Japan, and this year there are plans in the UK to make it possible for rail commuters to use their ITSO (Integrated Transport Smartcard Organization) passes on mobile devices.

6. Improved logistics and crowd control. Vastly improved communications make it possible to inform passengers if and when a train changes tracks. It can be inconvenient and annoying to wait for a train at one track and learn at the last minute – if at all – that the track has changed. This is particularly true for passengers who need special assistance, such as mothers with young children and strollers, or people in wheelchairs or on crutches. Instead of depending on older, often hard-to-hear PA systems, passengers can receive texts that inform them of the track change as soon as it’s known, giving them enough time to react and make their way to the new track.

Going digital improves the passenger experience, and it also makes the staff more efficient. As we head into the third decade of the 21^st century, there’s no turning back. Rail systems need to go digital to stay viable to a generation of riders who simply expect these services and communications.

Zero Trust becomes more relevant than ever

Remote working is your new threat vector

5G wireless offers new opportunities, enables new threats

Ransomware moves one step ahead

Cyber analytics drives more data-driven decisions

Keep looking ahead

Deploying the right Cyber Defense

Privacy by Design

A secure framework for cyber-physical systems

Inside the framework

Security as an obstacle to innovation

Accelerating the path to digital transformation securely

How technology helps travelers

1. Situational awareness

2. Improved risk management

3. Reduced costs

4. Improved public reputation

5. Enhanced customer satisfaction

Mobile ticketing and more

Need for cybersecurity

Full speed ahead

Delivering excellence, collaborating across time zones.

Take a look at our global hideouts.​

Contact

India (HQ)

Atlanta, USA

London, UK

Dubai, UAE

Melbourne, Australia

Surabaya, Indonesia

India (HQ)

Atlanta

London

Dubai

Australia

Indonesia

Take a look at our global hideouts.