Transportation Infrastructure

Indian Railways, aviation, ports, and metro systems vulnerability assessment

Key Figures

200M+ PRS users (3M daily bookings)
62K+ km RailTel fiber
4.5M records in the Air India breach
JNPT port vulnerability (Maersk/REvil 2017)
250K FOIS wagons (RFID tracking)
2021 RailTel attack (RedEcho attribution)
2023 Delhi Metro OCC intrusion incidents
2022 Tata Power Hive ransomware

National Threat Map

RailTel Fiber: 62K km backbone, defense comms (CRITICAL)
PRS Mainframe: 200M users, IBM COBOL (CRITICAL)
JNPT Port: REvil ransomware 2021 (CRITICAL)
AAI CNS/ATM: 137 airports, TAG-38 campaign (CRITICAL)
Digi Yatra: biometric system, 6 airports (HIGH)
Delhi Metro OCC: 2022 intrusion attempts (HIGH)
Mumbai Line 3: CBTC LTE susceptibility (HIGH)
Chennai Port: TCS PORTSTAR systems (HIGH)
Kolkata Metro: 1984 signaling systems (MEDIUM)
FASTag CCH: 3.5M daily txns, single point of failure (CRITICAL)
FOIS Network: 250K wagons tracked (HIGH)
ICEGATE: 25M filings annually (HIGH)

Supply Chain Flow

(Diagram; nodes: Container Data, Rail Booking, Wagon Track, Customs EDI, Payment, Vehicle ID, Txn Data, Convergence, JNPT Port, Navis SPARCS, Freight Corridor, FOIS Network, ICEGATE, SWIFT, FASTag CCH, Metro OCC, Toll Plazas)

Threat Actor Attribution

(Diagram; threat actors RedEcho, Mustang Panda, SideCopy, REvil, Sandworm and ShinyHunters mapped against the railways, ports, aviation, metro and transport sectors; the per-actor sector mapping is not recoverable from the page)

Vulnerability Heatmap

System        Exploitability  Data Sensitivity  National Impact  Remediation Complexity
PRS                 85                95                90                  95
FOIS                65                70                80                  75
RailTel             75                85                95                  70
CNS/ATM             70                80                95                  85
Digi Yatra          60                90                75                  50
ICEGATE             70                85                70                  60
FASTag CCH          80                75                70                  65
Metro OCC           75                80                85                  70
EV Chargers         70                50                60                  55
Ropeway PLC         85                70                80                  90

Scores are on a 0-100 scale.

Regulatory Gap Matrix

Railways: coverage 25%, gap 75% (required 100%)
Aviation: coverage 40%, gap 60% (required 100%)
Ports: coverage 30%, gap 70% (required 100%)
Surface: coverage 20%, gap 80% (required 100%)
Metro: coverage 35%, gap 65% (required 100%)

(Chart: Coverage vs Unaddressed Attack Surface)

Indian Railways Security Posture

(Charts, data not recoverable from the page: Incident Timeline; Data Exposure Aggregation, where bubble size = national security impact and top-right = critical priority; RailTel Incident Timeline)

Attack Path Topology

(Diagram; nodes: Phishing Email, Vendor VPN, Lateral Movement, Corporate Network, FOIS Data, Fortinet VPN, Navis SPARCS, Container Ops, Customs EDI, SWIFT, SITA PSS, Air India PNR, Gov Travel Patterns)

Railway Path: Phishing → Vendor VPN → FOIS
Port Path: Fortinet → Navis → SWIFT
Aviation Path: SITA → PNR → Travel Patterns

Aviation Data Exposure

Air India: 4.5M (risk 80%)
SITA PSS: 12.0M (risk 90%)
Digi Yatra: 15.0M (risk 65%)
AAI Internal: 2.0M (risk 45%)

Port Security Assessment

(Chart data not recoverable from the page)

Threat Assessment

Transportation Threat Level: CRITICAL
Critical: 55%
High: 30%
Medium: 10%
Low: 5%

Critical Targets

PRS Mainframe
IBM mainframe COBOL • 200M users • 60+ years old
RailTel CIM Network
Defense communications • 62K km fiber • October 2021 compromised
Railway Signaling
Relay-based systems • 60+ years • TCAS in progress

Case Studies

October 2021: RailTel October 2021 Cyber Attack
Severity: critical

The Chinese state-sponsored group RedEcho conducted a cyber attack on RailTel corporate systems. The attack came amid border tensions and targeted railway infrastructure.

Actor: RedEcho (Chinese)
Impact: Corporate network compromise, defense communication exposure

December 2021: RailTel Data Dark Web Sale
Severity: critical

Customer data from RailTel appeared for sale on dark web forums two months after the cyber attack, confirming data exfiltration during the incident.

Actor: Unknown (attributed to RedEcho)
Impact: 4.5M+ customer records exposed, including government users

2017: JNPT Maersk/REvil Ransomware
Severity: high

The NotPetya ransomware attack impacted Jawaharlal Nehru Port Trust through Maersk shipping systems. Operations were disrupted for multiple days.

Actor: REvil (Criminal)
Impact: Container operations disrupted, port efficiency reduced by 50%+

2021-2022: Air India SITA Breach
Severity: high

The SITA passenger service system breach exposed 4.5 million Air India passenger records, including passport data, credit card data, and ticket information.

Actor: SITA hacker (unknown)
Impact: 4.5M passenger records including passport and card data

Key Findings

PRS Mainframe Age & Vulnerability

The Passenger Reservation System runs on an IBM mainframe with COBOL code from the 1980s. It holds 200M+ user accounts and handles 3M daily transactions, and cannot be remediated without a complete redesign.

RailTel Defense Communications Exposure

RailTel's 62,000+ km fiber network carries the CAMERA Interface Network (CIM), which connects military installations. The October 2021 attack demonstrated this critical exposure.

Signaling System Age

Indian Railways signaling systems are 60+ years old and relay-based. Implementation of the Train Collision Avoidance System (TCAS) is ongoing, with security concerns.

FASTag RFID Cloning

The FASTag system, with 40M+ active tags, is vulnerable to RFID cloning attacks; multiple cases of FASTag fraud through duplicate tags have been documented.

Delhi Metro OCC Intrusions

The Delhi Metro Operations Control Center has documented intrusion incidents affecting train scheduling and passenger safety systems.

Critical Alert
The RailTel October 2021 attack demonstrates critical defense communication exposure via civilian infrastructure.