Marie-Hélène Bonneau, Senior Security Advisor, UIC (International Union of Railways), shared some lessons learned from EU-funded projects SECRET and CYRAIL.
Mme Bonneau outlined UIC activities in general and in relation to cyber security, including forthcoming conferences.
Rail is identified as a critical infrastructure that is becoming more connected and open, interoperable and harmonized. Threats (both human and technological) are emerging and adapting faster than traditional security can adapt.
The SECRET Project addressed electromagnetic (EM) attacks that can jam electronic transmissions, or even damage electronic systems. SECRET investigated threat scenarios, consequences, prevention and recovery solutions. The public white paper produced over 40 recommendations; it was supplied in hard copy at the conference and can be downloaded¹.
CYRAIL² aims to deliver a cyber security assessment of railways, including operational scenarios, security assessment, threat analysis, attack detection, early warning, mitigation and countermeasures, as well as protection profiles. The early work will focus on signalling and communication systems, and will deliver an assessment methodology based on ISO 62443³ (although this has many limitations except where it applies to isolated products).
The links to these projects (below) provide access to results and participants.
2 CYRAIL – http://www.cyrail.eu
3 ISO 62443 (Industrial communication networks system security) – https://webstore.iec.ch/publication/7029
“CyberSecurity4Rail” Railway Industry Conference - Brussels 4th October 2017
- Welcome and overview: “Co-operation is essential in the quest to manage technology and people for security”
- Cyber security – don’t be a victim: “Information is power and control of information has unexpected consequences”
- The regulators’ view on cyber security: “Multi-modal transport requires data exchange and interconnection”
- Security in the SERA – policy considerations: “The need for common understanding, guidelines and best practices”
- The Network and Information Security Directive (NIS Directive): “A host of European actions in cyber security”
- The railway sector perspective on cyber security: “Integrated approach to security and safety without duplication”
- How airlines protect against cyber-attack: “Adversaries are not systems, but people who are smart and who pursue goals”
- Secure networks for collaborative services: “Networks are the risk – meshed networks provide a segmented and secure response”
- First panel discussion: “Product liability, staff training & awareness, information sharing in both safety and security…”
- Cyber security and resilience of transport infrastructure: “Current European initiatives in cyber security supporting Rail”
- Perspectives from a European railway operator: “Trains as data centres – protecting train IT as a cyber-crime target”
- Lessons learned from EU projects SECRET and CYRAIL: “Rail as critical infrastructure requires strong projects to protect it”
- Perspectives of a railway infrastructure manager: “Extensive premises, public accessibility – DB managing security risks”
- The telecommunications view: “Risk management depends on agility”
- The IT provider view: “Understand vulnerability and develop avoidance and mitigation strategies”
- Second panel discussion: “The need for co-ordinated action”
- Closing keynote address: “Achieving an EURail-ISAC, without replication or over-regulation….”
- The Way Forward: “Establishing a European Railway ISAC based on a common understanding”
- Annexe - Conference Evaluation Summary – Consensus