While innovation in device connectivity and software engineering keeps accelerating, transportation systems are undergoing large-scale upgrades to benefit from these advances. In railways, the combination of sophisticated software and communication equipment is the hallmark of new high-performance systems, including those critical to safety such as Automatic Train Control (ATC) and Computer Based Interlocking (CBI), which need extensive security engineering in order to cope with the new cyber risks introduced by digitalization.
According to the European standard EN 50129, when a safety-related system exchanges information via a transmission system (TX), the transmission system is considered part of the safety-related system and communication security must be demonstrated. Another main European standard covering cyber security is EN 50159: Railway application – Communication, signalling and processing systems. It defines security requirements aimed at guaranteeing secure communication between safety-critical equipment over an open or a closed transmission system. Although these requirements depend strongly on the features of the system, the standard distinguishes three categories of transmission system to simplify the security demonstration. The classification criteria include a precise definition of the parts of the equipment that connect to the transmission system, whether the transmission system's characteristics are known throughout the equipment's life cycle, and the risk of unauthorized access to the transmission system.
The European standard identifies a number of root causes of failures in railway signalling transmission systems, including loss of connection, wiring errors, performance loss, electromagnetic interference (EMI), human error, TX system overload, fading effects, cross-talk, implementation errors… These threats can lead to generic message errors such as repetition, deletion, masquerade, insertion, incorrect sequence and inconsistency.
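To make the message-error taxonomy above concrete, here is an added example (not from the article or from either standard) of a receiver that classifies each incoming frame as accepted or as one of the named error types. The source identifier, sequence number and keyed safety code it relies on are assumed defence mechanisms chosen for the illustration, and the key and frame contents are constructed sample values.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed demo key shared by the two endpoints (not a real deployment value).
KEY = b"constructed-demo-key"

@dataclass
class Frame:
    src: str        # identifier of the sending equipment
    seq: int        # monotonically increasing sequence number
    payload: bytes  # application data
    tag: bytes      # keyed safety code over (src, seq, payload)

def _tag(key, src, seq, payload):
    return hmac.new(key, f"{src}|{seq}|".encode() + payload, hashlib.sha256).digest()

def make_frame(src, seq, payload, key=KEY):
    """Sender side: attach the keyed safety code to the frame."""
    return Frame(src, seq, payload, _tag(key, src, seq, payload))

class Receiver:
    """Receiver side: accept a frame or name the message error it exhibits."""
    def __init__(self, peer, key=KEY):
        self.peer = peer        # identifier of the only authorised sender
        self.key = key
        self.last_seq = 0       # highest sequence number accepted so far
        self.accepted = set()   # sequence numbers already accepted

    def classify(self, frame):
        if frame.src != self.peer:
            return "insertion"  # frame from a source that is not the expected peer
        if not hmac.compare_digest(frame.tag, _tag(self.key, frame.src, frame.seq, frame.payload)):
            # Not authentic: a forged frame (masquerade). A corrupted payload
            # (inconsistency) fails the same check, so both are rejected here.
            return "masquerade"
        if frame.seq in self.accepted:
            return "repetition"  # an already accepted message delivered again
        if frame.seq < self.last_seq:
            return "incorrect sequence"  # older, never seen message arriving late
        gap = frame.seq > self.last_seq + 1
        self.last_seq = frame.seq
        self.accepted.add(frame.seq)
        # On a gap the frame is kept so later frames can still be ordered,
        # but the missing intermediate message(s) are reported.
        return "deletion" if gap else "ok"
```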
In order to reduce the risks corresponding to the previous threats, the system design shall consider basic defence methods such as the following:
Finally, security requirements must appear in the system's functional specification as well as in its safety specification, and they are integrated into the final safety case.