29.01.19

Cyber security in the time of digital railway

Source: RTM Dec/Jan 19

Richard James Thomas, industrial fellow in data integration and cyber security at the University of Birmingham, considers the cyber security challenges that will arise as digital railway systems become the norm across the UK network.

The Digital Railway Programme is transforming railway signalling from a Victorian-era system with lineside signals to advanced, state-of-the-art in-cab systems. Through this digitisation, we are able to run trains at higher speeds and closer together with moving-block signalling, increase capacity on congested lines, and achieve improved cross-border operations. ERTMS is at the heart of this, and has already been deployed on the Cambrian Line in Wales and on Thameslink.

Whilst the digitisation of these systems offers significant benefits, it can also come with a catch: potentially increased exposure to cyber-attacks. ERTMS is just one example of an Industrial Control System (ICS), a collective term for control systems used in industrial environments. Bespoke systems are now being replaced with commercial off-the-shelf solutions, and operational equipment is being interconnected with the traditional IT ‘enterprise’ networks, allowing for additional oversight and improved management. This convergence comes with its own risks if not carefully considered; in other sectors, attacks have been seen in the wild, for example Stuxnet, CrashOverride and BlackEnergy.

This was partly due to a lack of understanding, and it proved assumptions about the mythical airgap false. WannaCry affected parts of the public information systems across the German rail network, but did not affect the operational, safety-critical side.

ICS systems, ERTMS included, present a different security challenge when compared to commodity systems: their lifespan. Commodity equipment refresh cycles are typically in the order of years, whereas those of ICS components may be in the order of decades. As an example, ERTMS is composed of ETCS and GSM-R. GSM-R was deployed in the UK between 2007 and 2014 and will become the data carrier for ETCS data, whereas today in commodity environments we readily have 3G/4G in use.

Another issue is that the security landscape is constantly changing, with more intricate attacks being developed. Attacks which were previously impossible are now returning into focus. For example, an attack that recovers the GSM encryption key can now be achieved in nine seconds. This allows an adversary to eavesdrop on the connection between the base station and device, but not yet ‘inject’ their own messages. This highlights that, with these longer-lifespan systems, we need to consider not only our attackers of yesterday or today, but also the horizon of what will be possible in, say, five to 10-plus years.

With the EU NIS Directive in force, security is even more of a priority; we need to be able to reliably assure the security of our systems, both new and old. We also need to consider the standards from a security perspective to ensure they have sufficient foresight. At the University of Birmingham, as part of the Research Institute in Trustworthy Inter-Connected Cyber Physical Systems and continuing as part of UKRRIN, we have looked at parts of the standards to assure that they offer the levels of security we would expect for a safety-critical system. It is clear that the standards haven’t quite kept pace with technological advances, but security has at least been considered, and parts of the standards are modular enough to allow security improvements. We have made a number of suggestions to ensure security for the future.

The digital revolution on the railways is an exciting time – but something we need to keep in mind, especially for today and the future, is the impact that security has on safety. Both need to be considered and regularly reviewed.

 
