Presentation is loading. Please wait.

Presentation is loading. Please wait.

Specification of Countermeasures for CYRAIL

Published byScarlett Walton Modified over 6 years ago

Similar presentations

Presentation on theme: "Specification of Countermeasures for CYRAIL"— Presentation transcript:

1 Specification of Countermeasures for CYRAIL
What countermeasures to mitigate the risks from the risk analysis?

2 Objective of countermeasures specification
Identify threats and vulnerabilities 76 threats identified (ISO standard & threat analysis) Determine impact Safety, Finance, Operational Determine likelihood Time, Expertise, Knowledge, Opportunity, Equipment Calculate unmitigated risk Risk = Impact x Likelihood Determine Security Level Target To identify the most critical security zones Identify countermeasures To mitigate the risks Analysis of the residual risk Below tolerable risk?

3 Widely-distributed software - Software
Methodology Countermeasures are specified by zone and by threat. Each countermeasure is defined according the security level target of the zone. Example of the Command-onboard zone: Threat Vulnerability Risk Asset Countermeasures Corruption of data Widely-distributed software - Software Corrupting the data an attacked can change the software to create fake information in the asset BTS Logging and monitor device. Define a management policy for patches (systematic, periodic or ad hoc) that is suited to the functional constraints. For example, define priorities for deployment of patches, verify ascending compatibility, and interoperability. Use Reliable NTP (internal real time reference) RBC Logging and monitor device. Local ERTMS Control CF BTS REQ Use an electronic certificate to timestamp data Applying application programs to the wrong data in terms of time - Software These countermeasures may restrict the functionality of the system and therefore, they must not impact the safety of the system. => Focus on the assessment of the fail-safe concept to fall back to a safe operational mode. In some cases, no countermeasure is available to a threat. It is usually due to the fact that the affected asset cannot embed cyber security related countermeasure.

4 Synthesis of Countermeasures
Cyber countermeasures Other countermeasures

5 Countermeasure examples (conduits)
Type Countermeasure Assets Risk Threat Threat class Process & Human actions Set some Key Performance Indicator (KPI) in order to evaluate the level of Quality of Service served by the system and logging. Monitor and alert the gap between normal activities and abnormal activities. Define Thresholds and send an alert. ERTMSBalise The track-to-train communication is jammed Electromagnetic radiation T.RA Occupancy The interlocking-to-track communication is jammed Signalling The communication between zones connected to the Signalling network is jammed Data Protection Control integrity of message with a robust security algorithm (). Use double authentication. Make sure that integrity is controlled by the server and not by the End user.

Download ppt "Specification of Countermeasures for CYRAIL"

Similar presentations

Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.

© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Risk Management.

Risk Management.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Lessons Learned in Smart Grid Cyber Security

Lessons Learned in Smart Grid Cyber Security
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
CSC 386 – Computer Security Scott Heggen. Agenda Security Management.

CSC 386 – Computer Security Scott Heggen. Agenda Security Management.
Slide 1 Using Models Introduced in ISA-d99.00.01 Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.
BY MOHAMMED ALQAHTANI (802.11) Security. What is 802.11 ? IEEE 802.11 is a set of standards carrying out WLAN computer communication in frequency bands.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
April 14, 2003- A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.

April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
K E M A, I N C. Ten Steps To Secure Control Systems APPA 2005 Conference Session: Securing SCADA Networks from Cyber Attacks Memphis, TN April 18, 2005.

K E M A, I N C. Ten Steps To Secure Control Systems APPA 2005 Conference Session: Securing SCADA Networks from Cyber Attacks Memphis, TN April 18, 2005.

Similar presentations

Ads by Google