Security for Safety: Enabling Digitalization of Railway Systems


CIPSEC workshop, Frankfurt am Main, 16.10.2018
Dr. Jasmin Ćosić, DB Netz AG
M.Sc. Christian Schlehuber, DB Netz AG
The research leading to these results has received funding from the European Union's Horizon 2020 Research and Innovation Programme, under Grant Agreement no 700378.

Agenda
1. Introduction / Motivation
2. Critical infrastructure and railway sector in Germany
3. Motivation DB Netz @ CIPSEC
4. Future challenges in railway sector security
5. Conclusion

Short intro - Railway (in Germany)
- Biggest business premises in Germany – with public access
- 33,500 km rail network
- 5,700 stations (in Germany) as the gate to railway transportation
- 48,800 heated railway switches (of 70,000 total)
- Approx. 3,300 interlockings
- 1,323 electronic interlockings (ESTW)
- 40.000 trains/day
- 1 billion rail-km/year
- Approx. 12.7 million passengers/day ….. 4.652 million passengers in 2017
- Main objective: safe railway operation
- National Safety Authority has to grant admission for every interlocking
- Security is getting more and more into focus

Introduction - Motivation
- What is CRITICAL (BSI definition): "…everything that provides services to citizens, business and government…"
- What is CRITICAL in the railway sector ….. almost EVERYTHING
- Railway system is very complex
- Needs a special (specific) approach
- Security vs. Safety
- Most critical railway services:
  - Control system & signaling
  - CCS (SCADA) network
  - Sales services
  - Communication (internetworking)
  - …..
- Many projects in the domain of cyber security in the railway sector
[Figure: The sectors of CI in Germany (BSI)]

Regulation in Germany
- German "IT-Sicherheitsgesetz" (IT-security law) 7/2015
- EU Cybersecurity strategy
- EU Network and Information Security Directive (NIS) 8/2016 (concerning measures for a high common level of security of network and information systems in the EU)
Safety Standards in Germany
- DIN EN50126 (Railway application: Specification and demonstration of reliability, availability, maintainability and safety)
- DIN EN50128 (Standard for safety-related software of the railway)
- DIN EN50159 (Standard for safety-related communication in transmission systems)
- IEC62443 (Security for IACS systems – Network and system security)

Specifics of railway infrastructure
- Operating center (control room with several work stations)
- Safety-related components:
- Interlocking system
- Points, switches and axle counters
- Assisting system – train number system and automated driveway system
- Maintenance and Data Management (MDM) System
- Connectors to the object controllers

Specifics of railway infrastructure: not specific but….
- SCADA networks
- Sales services
- International communications
- Meshed networks
- …. "Data center on the wheels"
- ……

Potential Damage and Assets to Protect
- Disruption of traffic
- Derailment of trains
- Collision of trains
- Assets from the safety point of view:
  - Integrity of the devices and the data
  - Availability of the system (= reliability + maintainability)
- Financial loss
- Injuries
- Death

View on the Signaling System

New threats
- Cyber-attacks
- Utilization of COTS products
- Use of open (rented) networks
- Openness of infrastructure
- Safety is at risk

To be competitive, railways have to evolve
- 1323/3300
- New features also pose new threats
- Safety is at risk
* Directive on security of network and information system
** Computer-based interlocking systems in the era of digitalisation

Security Applications to ensure Safety – DB Pilot
- Authentication and key exchange
- Secure asset and configuration management
- Physical access detection
- Data filtering
- Data logging and aggregation
- Reaction to critical events

View on CIPSEC Framework – DB Pilot
[Figure: CIPSEC Framework applied to railway pilot]

Future challenges
Vulnerability analysis & penetration testing
- Do we know the system (all components)?
- Do we have good technical documentation?
- How do we make a good plan for a vulnerability analysis or pen test?
- Is the software we use "good enough"?
Awareness, training and education
- Do we have a good plan (one that can be implemented) for awareness?
- Do we have a good plan (one that can be implemented) for training/education, and who will deliver the education?

Future challenges
Forensic analysis
- Black box challenges, IoT challenges
- Big Data analysis problem (cloud, "data centers on wheels")
- Methods and tools for forensic(s)
- Legal side ("black side" of forensic)
Recovery
- Do we have a "backup" plan?
- Do we have "backup" and ….
- Do we have a plan for "Business Continuity Management" ???
Tomorrow - New Tech……

Conclusion
- Main challenges for security in railway CI were shown
- Can a "standard solution" be applied to the rail sector?
- If it can, how can a "standard solution" be applied to the rail sector?
- What could a sufficient protector for interlocking systems look like?
- Knowledge dissemination – key aspect
- Future challenges in railway security

Thanks for your attention! Questions?
Contact:
- M.Sc. Christian Schlehuber, DB Netz AG, christian.schlehuber@deutschebahn.com
- Dr. Jasmin Ćosić, DB Netz AG, jasmin.cosic@deutschebahn.com
www.cipsec.eu
@CIPSECproject
https://www.linkedin.com/in/cipsec-project/
https://www.youtube.com/channel/UCekxicSFAwZdIPAV3iLHttg