In the first quarter of this year, hackers targeted ticketing systems of both the Polish and Ukrainian railways. However, the threats extend beyond ticket sales, reaching into critical infrastructure like power supply and traffic control systems. The aim of these attacks—whether small-scale or sophisticated—is to disrupt railway operations, a growing concern given the current geopolitical climate, where transportation infrastructure plays a key role in strategic national security.
In many cases, human error remains the weakest link—whether through poor password protection, unsecured devices, or excessively broad access permissions granted to employees beyond what their roles require.
“If we ask which systems are most vulnerable, that’s a question the railway sector must answer privately and act upon to secure the most at-risk systems—or those whose failure would be most damaging. You can’t simply lay those vulnerabilities on the table, as that would be an open invitation for more attacks,”
— said Dr. Marek Pawlik, Deputy Director for Railway Interoperability at Poland’s Railway Institute, speaking to Newseria.
Cyberattackers Don’t Play by the Rules
Unlike public institutions, cybercriminals aren’t bound by regulations or ethics. Public entities like railways, hospitals, and government agencies must operate within legal frameworks and procurement laws.
“We have to act ethically and legally. Those attacking us don’t. They often have resources provided by state actors or international organizations and are completely unconstrained. On the other side, we’re dealing with either soulless software like bots, or individuals who believe they’re in a cyber war where anything goes,”
— said the professor from the Railway Institute.
PKP Ticketing System Targeted
At the beginning of 2025, Polish media reported a surge in cyberattacks on the PKP Intercity ticketing system. In one incident in late January, hackers simulated 100 million system entries within a single hour—not only to disrupt railway operations, but potentially to harvest customer data, according to cybersecurity experts.
“There are two frequent targets: power systems—because without electricity, everything stops—and transportation. If the transport network is attacked and paralyzed, the economy stalls, defense suffers, and much of the state’s functionality is jeopardized,”
— explained Pawlik.
In the past, financial institutions were the primary targets due to the potential for monetary gain. Now, attackers are less focused on profits and more on disrupting the functioning of entire nations.
Ukraine’s Railways Under Attack
This shift is exemplified by a wave of attacks on Ukrainian railways. In late March, Ukrzaliznytsia, Ukraine’s national rail company, reported that their online systems had been hacked, leaving domestic and international ticket purchases unavailable for days.
From a practical standpoint, weak cybersecurity protocols or human mistakes often provide the entry points for such attacks—whether by giving attackers system access or allowing them to install malware.
“When it comes to cybersecurity, permissions must be precisely aligned with employees’ actual needs. A common Achilles’ heel is granting high-level access to people simply because they rank high in the hierarchy, even when they don’t need it. Permissions must be tightly scoped, responsibilities clearly defined, and all activity must be logged,”
— emphasized Prof. Pawlik.
Quantum Computing: A New Defense Frontier
There is growing hope that quantum computing will significantly enhance cyber defenses. Experts believe quantum calculations will be crucial in early-stage attack detection, identifying threats before they cause major damage. Additionally, quantum technology is expected to lead to stronger cryptographic standards for protecting digital data.
“Quantum computers will render traditional passwords obsolete. If you currently have a 12- or 14-character password, you might sleep soundly for now—but not for much longer. Soon, even office employers will demand multi-factor authentication: a password, a verification code via SMS, and more. Cracking a password will no longer be enough—you’ll have to steal someone’s phone and prevent them from reporting it. Multi-factor authentication will be the first major shift in the post-quantum era,”
— predicted the cybersecurity expert.
Cyberattacks on Railways Surge by 220%
According to Cylus, a leading cybersecurity firm, the number of cyberattacks targeting railway systems increased by 220% between 2017 and 2022. This spike correlates directly with the accelerating digitalization of the railway sector, which—while enhancing efficiency—also introduces new vulnerabilities.
As geopolitical tensions rise and transportation networks grow increasingly connected, protecting railway systems from cyber threats becomes not just an IT concern, but a national security imperative.
