Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security for Safety: Enabling Digitalization of Railway Systems

Published byLiana Pranoto Modified over 5 years ago

Similar presentations

Presentation on theme: "Security for Safety: Enabling Digitalization of Railway Systems"— Presentation transcript:

1 Security for Safety: Enabling Digitalization of Railway Systems
CIPSEC workshop Frankfurt am Main, Dr. Jasmin Ćosić, DB Netz AG M.Sc. Christian Schlehuber, DB Netz AG The research leading to these results has received funding from the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no

2 Agenda 1. Introduction / Motivation 2.
Critical infrastructure and railway sector in Germany 3. Motivation DB CIPSEC 4. Future challenges in railway sector security 5. Conclusion

3 Short intro - Railway (in Germany)
Biggest business premises in Germany – with public access 33,500 km rail network 5,700 Stations (in Germany) as gate to railway transportation 48,800 heated railway switches (of 70,000 total) Approx. 3,300 interlockings 1,323 electronic interlockings (ESTW) trains/day 1 mlrd rail_km/year cca 12.7 milion passengers/day ….. 4.652 milion passengers in 2017 Main Objective: Safe railway operation National Safety Authority has to grant admission for every interlocking Security getting more and more in focus 3 3

4 Introduction - Motivation
What is CRITICAL (BSI definition) What is CRITICAL – „…everything that provide services to citizens, business and government…“ What is CRITICAL in railway section…..almost EVERYTHING Railway system is very complex Need special (specific) approach Security vs. Safety Most critical railway services: Controls system & signaling CCS (SCADA) network Sales services Communication (internetworking) ….. Many Projects in domain of cyber security in railway section. The sectors of CI in Germany (BSI)

5 Regulation in Germany German „IT-Sicherheitsgesetz“ (IT-security law) 7/2015 EU Cybersecurity strategy EU Network and Information Security Directive (NIS) 8/2016 (concerning measures for a high common level of security of network and Information Security in EU) Safety Standards in Germany DIN EN50126 (Railway application: Specification and demonstration of reliability, availability, maintainability and safety) DIN EN50128 (Standard for safety-related software of the railway) DIN EN50159 (Standard for safety-related communication in transmission systems) IEC62443 (Security for IACS systems – Network and system security)

6 Specifics of railway infrastructure
Operating center (control room with several work stations) Safety related components: Interlocking system Points, switches and axle counters Assisting system – train number system and automated driveway system Maintenance and Data Management (MDM) System Connectors to the object controllers

7 Specifics of railway infrastructure
not specific but…. SCADA networks Sales services International communications Meshed networks ….”Data center on the wheels” ……

8 Potential Damage and Assets to Protect
Disruption of traffic Derailment of trains Collision of trains Assets from the safety point of view: Integrity of the devices and the data Availability of the system (= reliability + maintainability) Financial loss Injuries Death

9 View on the Signaling System

10 New threats Safety is at risk Cyber-attacks
Utilization of COTS products Use of open (rented) networks Openness of infrastructure Safety is at risk

11 To be competitive, railways have to evolve
1323/3300 * Directive on security of network and information system ** Computer-based interlocking systems in the era of digitalisation 11

12 To be competitive, railways have to evolve
To be competitive, railways have to evolve New features also pose new threats 1323/3300 12

13 To be competitive, railways have to evolve
To be competitive, railways have to evolve New features also pose new threats 1323/3300  Safety is at risk 13

14 Safety Security Applications to ensure Safety – DB Pilot
Authentica-tion and key exchange Secure asset and configuration management Physical access detection Data filtering Data logging and aggregation Reaction to critical events

15 View on CIPSEC Framework – DB Pilot
CIPSEC Framework applied to railway pilot

16 Vulnerability analysis & penetration testing
Future challenges Vulnerability analysis & penetration testing Do we know the system (all component) Do we have a good technical documentation How to make a good plan for vulnerability analysis or pen test? Is software we use „enough“ good Awareness, training and education Do we have a good plan (can be implemented) for awareness? Do we have a good plan (can be implemented) for training/education, who will make a education? 16

17 Future challenges Forensic analysis Recovery Tomorrow - New Tech……
Black box challenges, IoT challenges Big Data analysis problem (cloud, „data centers on wheels“) Methods and tools for forensic(s) Legal side („black side“ of forensic) Recovery Do we have a „backup“ plan? Do we have „backup“ and …. Do we have a plan for „Business Continuity Management“ ??? Tomorrow - New Tech…… 17

18 Main challenges for security in railway CI were shown
Conclusion Main challenges for security in railway CI were shown Can „standard solution” can be applied to the rail sector If can, how „standard solution” can be applied to the rail sector How suficient protector could look like for interlocking systems Knowledge dissemination – key aspect Future challenges in railway security 18

19 Thanks for your attention! Questions?
Contact: M.Sc. Christian Schlehuber Dr. Jasmin Ćosić DB Netz AG @CIPSECproject CIPSEC Workshop Frankfurt/M 16/10/2018

Download ppt "Security for Safety: Enabling Digitalization of Railway Systems"

Similar presentations

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
CIRAS PROJECT OVERVIEW

CIRAS PROJECT OVERVIEW
Security Controls – What Works

Security Controls – What Works
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.
12/12/2013 Cluster Workshop on Cybersecurity 1 Michele Bezzi (SAP) Kazim Hussain (ATOS) SecCord & CYSPA Projects.

12/12/2013 Cluster Workshop on Cybersecurity 1 Michele Bezzi (SAP) Kazim Hussain (ATOS) SecCord & CYSPA Projects.
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
Frankfurt (Germany), 6-9 June 2011 IT COMPLIANCE IN SMART GRIDS Martin Schaefer – Sweden – Session 6 – 0210.

Frankfurt (Germany), 6-9 June 2011 IT COMPLIANCE IN SMART GRIDS Martin Schaefer – Sweden – Session 6 – 0210.
IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No. 619682 ) Business Convergence WS#2 Smart Grid Technologies.

Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Threat Prevention and Detection (within Critical Infrastructures) under EU Data Protection Legislation– Purpose Specification and Limitation. Laurens Naudts.

Threat Prevention and Detection (within Critical Infrastructures) under EU Data Protection Legislation– Purpose Specification and Limitation. Laurens Naudts.
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
Chapter 3 Pre-Incident Preparation Spring 2016 - Incident Response & Computer Forensics.

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
TÜBİTAK – BİLGEM – SGE Cyber Security Institute Asım Gençer Gökce TÜBİTAK BİLGEM Cyber Security Institute (SGE) Role: Cyber.

TÜBİTAK – BİLGEM – SGE Cyber Security Institute Asım Gençer Gökce TÜBİTAK BİLGEM Cyber Security Institute (SGE) Role: Cyber.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Similar presentations

Ads by Google