This video isn’t available to you right now

Protection of a Communication Based Train Control System from Hackers

Session
Thursday, 24 October 2019
16:24 - 16:24
Duration: 18 mins
Publication date: 06 Nov 2019
Location: Senaatszall , TU Delft, Delft, Netherlands
Part of event ASPECT 2019 - Inst. of Railway Signal Engineers

About the session

Cyber-Resilience

Shortly after ASPECT 2017, the industrial control systems community received a stark reminder of the cyber threat to critical infrastructure. An energy plant in Saudi Arabia had been shut down by malware. Except, this malware was different: It had successfully infected the SIL-rated Safety Instrumented System and attempted to cause a wrong-side failure. All that stood between the plant and violent tragedy were a couple of small coding mistakes on the part of the attackers.

Like in the wider industrial control systems community, railway digitalisation is rapidly introducing commercial information technologies to signalling and train control systems. While this provides for significant opportunities, it introduces new risks. The security risks posed by digitalisation are unique because of the increased exposure to, and/or magnified impact of, a cyber-attack.

As cyber threats continue to grow, governments are beginning to introduce security regulations that impact the signalling and train control industry. The best example is probably the EU Network and Information Systems (NIS) Directive -- the world’s first inter-governmental initiative on cyber security -- which came in to effect in May 2018. It places legal obligations on the operators of essential services, including railway infrastructure, to:

Manage Cyber Security Risk

Protect Critical Infrastructure Systems from Cyber-Attack

Detect Cyber Security Incidents

Minimise the Impact of Cyber Security Incidents

The signalling industry is still in the early stages of addressing these objectives, and stakeholders are at varying levels of maturity. Currently, S&TCS asset owners take different approaches to security management. Individual system suppliers consider security architecture within their own limited scope. Vendors build products to varying levels of security and sometimes with incompatible technologies. When security functionality does finally make it to the railway, it can become obsolete long before the end of the system lifespan.

To efficiently and effectively manage security risk across the railway, stakeholders must work together to overcome this maturity gap. Like has been done with safety, the industry needs to collaborate on a standard approach, agree clearly defined baselines and create interoperable security architecture. To achieve this, stakeholders will need to overcome challenges including protecting one’s intellectual property and commercial position while openly cooperating on cyber security. This paper examines why industry cooperation is an essential part of building a more secure and resilient railway, how we can leverage it and what challenges there are to implementing such cooperation.

Keywords:: Bots

Cyber attack

Cyber security

Firewall

Hackers

Malware

Networks

Ransomware

Social Engineering

Software

Trojans

USB

Wi-Fi

WiFi

Channels

Transport

Speaker

Henry Cheung

Ir. Henry Cheung was a graduate of the University of Toronto Faculty of Applied Science and Engineering, Division of Engineering Science. He also attained the qualification of Master of Business Administration from Deakin University in Melbourne, Australia.Ir Henry Cheung has over 30 years’ experience in the railway engineering industry, serving in various capacities in the client, consultant and supplier organization and has delivered railway systems around the world. His most notable contribution was his leadership in the first replacement of a signalling system to the Hong Kong MTR network and the introduction of the first Communication Based Moving Block Train Control system to the KCRC West Rail and Ma On Shan Lines.Ir Cheung is renowned in the local engineering community and global railway industry. He has served in various positions in many professional institutions and has lectured in post-graduate level railway engineering courses.Ir. Cheung is a Registered Professional Engineer (Electronics and Control, Automation & Instrumentation); Chartered Engineer (United Kingdom); Professional Engineer (Ontario, Canada); Fellow of the Institution of Engineering and Technology; Fellow of the Hong Kong Institution of Engineers, Fellow of the Institution of Railway Signal Engineers; Senior Member of the Institute of Electrical and Electronic Engineers; and Fellow of the Hong Kong Information Technology Joint Council. He is also actively involved in the profession: being a Council Member of the Hong Kong Institution of Engineers; executive member of the Hong Kong Information Technology Joint Council; Vice Chairman of the Railway Signal Engineers Hong Kong Branch; member of the Hong Kong Institution of Engineers Electronics Professional Advisory Panel; Board member of the Smart City Consortium; member of the Consultative and Advisory Panel of the Hong Kong Internet Registration Corporation Limited; member of the Advisory Committee, Department of Electronic Engineering, Chinese University of Hong Kong; past Chairman of the Institution of Engineering and Technology Hong Kong branch; past Chairman of the Hong Kong Institution of Engineers Electronics Division; and past member of the Divisional Advisory Panel for the Electrical and Electronics Engineering Department, University of Hong Kong.

computer crime security of data

This video isn’t available to you right now

About the session

Channels

Title