How to assess the risks? Irene Arsuaga CYRAIL Final Conference


1 How to assess the risks? Irene Arsuaga CYRAIL Final Conference
Paris

2 Index
- Introduction
- Overview on existing methodologies
- Recommended cybersecurity risk assessment methodology for the railway sector
- Conclusions

3 Introduction
- More connected systems, open standards, open networks
- Security
- New risks associated to system security
- How to identify main risks?
- How to identify the most critical assets?
- How to identify the most appropriate countermeasures?
- SECURITY ASSESSMENT METHODOLOGY

4 Overview on existing methodologies
Overview of Cybersecurity standards (I)
- ISO/IEC 27005: Guidelines for Information Security Risk Management
  - 4 phases:
    - Context establishment
    - Risk assessment: identification, analysis and evaluation
    - Risk treatment
    - Risk acceptance
  - List with examples of typical threats and vulnerabilities
- NIST SP
  - 3 processes:
    - Risk assessment
    - Risk mitigation
    - Evaluation and assessment

5 Overview on existing methodologies
Overview of Cybersecurity standards (II)
- CENELEC: EN 50126, EN 50129, EN 50159
- French Security Standards
- ETSI TS TVRA method
- ISA/IEC series
  - Security Risk Assessment and System Design: ISA/IEC
  - System Security Requirements and Security Levels: ISA/IEC
- DIN VDE V
  - ISA/IEC series applied to railway sector
- APTA: Cybersecurity Considerations for Public Transport
- Methodologies used in related industries
  - Aeronautics: ED-202/EUROCAE

6 Recommended cybersecurity risk assessment methodology for the railway sector
Selection of the security assessment framework
- CYRail methodology based on ISA/IEC (under development)
  - Worldwide scope
  - Completeness of the standard and detailed overview of the different phases
  - A tailoring of the norm to the railway signalling context already exists (DIN VDE V )
  - Harmonised with X2Rail-1
- Includes assumptions from DIN VDE V norm
- Includes concepts from ETSI TVRA method to complement steps not defined by ISA/IEC 62443

7 Recommended cybersecurity risk assessment methodology for the railway sector
Overview of ISA/IEC 62443
- Three Security Levels (SL): Target SL, Achieved SL and Capability SL
- Seven Foundational Requirements (FR)
  - IAC: Identification and Authentication Control
  - UC: Use Control
  - SI: System Integrity
  - DC: Data Confidentiality
  - RDF: Restricted Data Flow
  - TRE: Timely Response to Events
  - RA: Resource Availability
- SL value defined as a vector whose values correspond to the FRs
- DIN VDE assumption: no need to distinguish between different FRs of the same zone. The worst case is considered.

8 Recommended cybersecurity risk assessment methodology for the railway sector
- ZCR 1 - Identification of the System under Consideration (SuC)
- ZCR 2 - Perform a high-level cybersecurity assessment
- ZCR 3 - Partition of the SuC into zones and conduits
- Perform a detailed cybersecurity risk assessment to zones and conduits
- ZCR 4 - Documentation of the process

9 Recommended cybersecurity risk assessment methodology for the railway sector
ZCR 1 – Identification of the SuC
- Railway communication scenario
- Supporting ERTMS level 1 and 2
- Architecture diagrams and complete list of assets

10 Recommended cybersecurity risk assessment methodology for the railway sector
ZCR 2 – Perform a high-level cybersecurity assessment
- Identification of the worst-case unmitigated risks
- Threats
  - List of typical threats in ISO
  - Grouped in the seven FRs
- Quantification of the high-level risk
  - Impact
  - Likelihood

11 Recommended cybersecurity risk assessment methodology for the railway sector
ZCR 3 – Partition of the SuC into zones and conduits
- Separation of safety-critical zones
- Wireless communications
- Business and control systems
- Temporarily connected devices
- Location, functionality
- Zone and conduit drawings

12 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (I)

13 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (II)
DRAR 1 – Identify threats
- Cyber threats in ISO grouped in the Foundational Requirements
- Threats obtained by analysing past incidents in rail and other transportation sectors
- 76 threats identified
DRAR 2 – Identify vulnerabilities
- Cyber vulnerabilities in ISO 27005
Example: Onboard equipment
- Threat: Remote access and control via wireless communication
- Vulnerability: Poor authentication practices

14 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (III)
DRAR 3 – Determine consequences and impact (I)
Safety, finance and operational
Damage category   Damage reference                       Factor
Safety            Life-threatening injuries              10000
                  Severe and life-threatening injuries   1000
                  Light and moderate injuries            100
                  No injuries
Finance           Existence-threatening damage
                  Substantial damage
                  Undesirable financial damage           10
                  No or tolerable damage
Operational       Vehicles unusable
                  Service affected
                  Comfort affected                       1
                  No relevant effect

15 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (IV)
DRAR 3 – Determine consequences and impact (II)
- Quantitative measurement to calculate the Damage Potential (DP)
- Estimations made in the worst-case scenario (without cyber security countermeasures)
DP_total = DP_safety + DP_finance + DP_operation
Damage Potential   Impact Category
0 – 2              Minor
3 – 21             Moderate
22 – 210           Major
> 210              Critical

16 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (V)
DRAR 3 – Determine consequences and impact (III)
Example: Onboard equipment
Threat: Remote access and control via wireless communication
Impact area   DP (0-4)   DP      Resulting DP   Impact category   Impact level
Safety        4          10000   11100          Critical
Financial                1000
Operational              100

17 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (VI)
DRAR 4 – Determine unmitigated likelihood (I)
TVRA method: time, expertise, knowledge, opportunity and equipment
Factor        Range         Value
Time          =< 1 day
              =< 1 week     1
              =< 1 month    4
              =< 3 months   13
              =< 6 months   26
              > 6 months    27
Expertise     Layman
              Proficient    2
              Expert        5
Knowledge     Public
              Restricted    1
              Sensitive     4
              Critical      10
Equipment     Standard
              Specialized   3
              Bespoke       7
Opportunity   Unnecessary
              Easy          1
              Moderate      4
              Difficult     12
              None          27

18 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (VII)
DRAR 4 – Determine unmitigated likelihood (II)
- Quantitative measurement to calculate the Attack Potential (AP)
- Estimations made in the worst-case scenario (without cybersecurity countermeasures)
AP_total = AP_time + AP_expertise + AP_knowledge + AP_opportunity + AP_equipment
AP value   AP level      Likelihood level
< 3        No rating     Certain
3 – 6      Basic         Likely
7 – 14     Moderate      Possible
15 – 26    High          Unlikely
> 26       Beyond high   Remote

19 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (VIII)
DRAR 4 – Determine unmitigated likelihood (III)
Example: Onboard equipment
Threat: Remote access and control via wireless communication
Factor        AP   Resulting AP   AP level   Likelihood   Likelihood level
Time          1    11             Moderate   Possible     3
Expertise     5
Knowledge     4
Opportunity
Equipment

20 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (IX)
DRAR 5 – Calculate unmitigated risk (I)
Risk = Impact x Likelihood
Tolerable risk = 3
Likelihood \ Impact   Minor (1)   Moderate (2)   Major (3)   Critical (4)
Certain (5)           5           10             15          20
Likely (4)            4           8              12          16
Possible (3)          3           6              9           12
Unlikely (2)          2           4              6           8
Remote (1)            1           2              3           4
Mark example

21 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (X)
DRAR 5 – Calculate unmitigated risk (II)
Example: Onboard equipment
Threat: Remote access and control via wireless communication
Likelihood \ Impact   Minor (1)   Moderate (2)   Major (3)   Critical (4)
Certain (5)           5           10             15          20
Likely (4)            4           8              12          16
Possible (3)          3           6              9           12
Unlikely (2)          2           4              6           8
Remote (1)            1           2              3           4
Impact = 4
Likelihood = 3
Risk = 12
Mark example

22 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (XI)
DRAR 6 – Determine Security Level Target
- Cyber Risk Reduction Factor (CRRF): defined by the ISA/IEC 62443
Example: Onboard equipment
Threat: Remote access and control via wireless communication
- Risk = 12
- Tolerable risk = 3
- SL-T = 4

23 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (XII)
DRAR 7 – Identify and evaluate existing countermeasures
- Determine existing countermeasures in the SuC
- Determine their effectiveness to reduce the impact and likelihood of the threats by calculating their SL-C
- Worst case considered → no existing countermeasures
DRAR 8 – Re-evaluate the likelihood and impact
- Considering the countermeasures identified in DRAR 7
DRAR 9 – Calculate residual risk
- Considering the impact and likelihood values of DRAR 8
- With the same risk matrix

24 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (XIII)
DRAR 10 – Determine if residual risks are below tolerable risk
- Residual risk (DRAR 9) vs. Tolerable risk (DRAR 5)
- If Residual Risk > Tolerable Risk → DRAR 11
DRAR 11 – Apply additional cybersecurity countermeasures (I)
- Iterative process → DRAR 8

25 Recommended cybersecurity risk assessment methodology for the railway sector
Detailed cybersecurity risk assessment to zones and conduits (XIV)
DRAR 11 – Apply additional cybersecurity countermeasures (II)
Example: Onboard equipment
Threat: Remote access and control via wireless communication
Table columns: Countermeasures, Resiliency techniques, Impact (Area, DP, IL), Likelihood (Factor, AP, LL), Risk
Countermeasures and resiliency techniques listed:
- Logging and monitor device. Define a management policy for patches (systematic, periodic or ad hoc) that is suited to the functional constraints. For example, define priorities for deployment of patches, verify ascending compatibility, and interoperability.
- Secure connection with the authentication server. Log security and administration events. The identity and the permissions of the user account are systematically checked before any privileged action
Impact:
Area          DP   IL
Safety        2    3
Financial
Operational
Likelihood:
Factor        AP   LL
Time          4    1
Expertise     5
Knowledge
Opportunity   12
Equipment
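Added example (not part of the original slides): the DRAR 3 to DRAR 5 arithmetic for the onboard equipment threat, followed by the comparison against the tolerable risk that DRAR 10 applies to the residual risk. Function names are hypothetical, and the Opportunity and Equipment values in the sample are assumptions chosen so that the total matches the slide's resulting AP of 11.

```python
# Added example: DP/AP bands, level numbers and tolerable risk come from the slides.
DP_BANDS = [(2, "Minor", 1), (21, "Moderate", 2), (210, "Major", 3)]
AP_BANDS = [(2, "No rating", "Certain", 5), (6, "Basic", "Likely", 4),
            (14, "Moderate", "Possible", 3), (26, "High", "Unlikely", 2)]
AP_FACTORS = ("time", "expertise", "knowledge", "opportunity", "equipment")
TOLERABLE_RISK = 3


def impact(dp_by_area):
    """DRAR 3: sum the damage potentials and map the total to an impact level."""
    total = sum(dp_by_area.values())
    if total < 0:
        raise ValueError("damage potential cannot be negative")
    for upper, category, level in DP_BANDS:
        if total <= upper:
            return total, category, level
    return total, "Critical", 4


def likelihood(ap_by_factor):
    """DRAR 4: sum the five TVRA factors and map the total to a likelihood level."""
    missing = [f for f in AP_FACTORS if f not in ap_by_factor]
    if missing:
        raise ValueError(f"missing attack potential factors: {missing}")
    total = sum(ap_by_factor[f] for f in AP_FACTORS)
    for upper, ap_level, name, level in AP_BANDS:
        if total <= upper:
            return total, ap_level, name, level
    return total, "Beyond high", "Remote", 1


def assess(dp_by_area, ap_by_factor, tolerable=TOLERABLE_RISK):
    """DRAR 5: risk = impact x likelihood, then compare with the tolerable risk."""
    dp_total, category, impact_level = impact(dp_by_area)
    ap_total, ap_level, name, likelihood_level = likelihood(ap_by_factor)
    risk = impact_level * likelihood_level
    return {"dp_total": dp_total, "impact": category, "ap_total": ap_total,
            "ap_level": ap_level, "likelihood": name, "risk": risk,
            "exceeds_tolerable": risk > tolerable}


# Onboard equipment example from the slides. Opportunity and equipment are
# assumed values (the slide text gives only time, expertise, knowledge and AP 11).
ONBOARD_DP = {"safety": 10000, "finance": 1000, "operation": 100}
ONBOARD_AP = {"time": 1, "expertise": 5, "knowledge": 4,
              "opportunity": 1, "equipment": 0}

if __name__ == "__main__":
    print(assess(ONBOARD_DP, ONBOARD_AP))
```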

26 Conclusions
- Cybersecurity risk assessment methodology proposed
- Most critical zones identified with the implementation of the cybersecurity risk assessment
- Risk of zones assessed determining likelihood and impact
- Countermeasures evaluated
- Most appropriate countermeasures implemented to reduce risk
- All zones risk below the tolerable risk


