Cybersecurity in Railway Signalling Systems

Cybersecurity in Railway Signalling Systems

September 15, 2019
 |
Israel Baron

General


Railway signaling is a system aimed to direct railway traffic, and keep trains clear of each other at all times.

Trains move on fixed rails, making them uniquely susceptible to collisions. This susceptibility increased by the enormous weight and inertia of a train, which makes it difficult to stop when encountering an obstacle.

Most forms of train control involve "movement authority" being passed from the signalman (or stationmaster) to the crow on the train. The set of rules and the physical equipment used to accomplish this are known as the "method of working" (UK), method of operation (US) or safe working (Aus.).

Here are some of the main Railway signaling systems:

1.    ALSN (Russian Federation, Belarus, Estonia, Latvia, Lithuania, Ukraine)

2.    ASFA (Spain)

3.    ATC (Sweden, Denmark, Norway, Brazil, South Korea, Japan, Australia (Queensland), Indonesia)

4.    ATP (United Kingdom, United States of America, Brazil, Australia (Queensland), Indonesia, Hong Kong, Dominican Republic)

5.    CBTC (Brazil, United States of America, Canada, Singapore, Spain, Gabon, Hong Kong)

6.    PZB Indusi (Germany, Austria, Romania, Slovenia, Croatia, Bosnia-Herzegovina, Serbia, Montenegro, Macedonia, Israel)

 

ETCS

The European Train Control System (ETCS) is the signaling and control component of the European Rail Traffic Management System (ERTMS). It is intended to replace the legacy train protection systems and the many incompatible safety systems, currently used by European railways. This standard (ETCS) is also adopted outside the EU and is considered to be an option, for worldwide applications.

Credit: wikiwand.com

ERTM S uses GSM-R (or GSM for Railway) as the international wireless communications standard for railway communication and applications. GSM-R is typically implemented using dedicated base stations close to the railway, with tunnel coverage effected using directional antennae or 'leaky' feeder transmission.

AGSM-R antenna

Cyber and Railway signaling systems

Until recently, the operation of railway signaling systems has been considered to be performed using closed networks, and this was the base assumption for the safety of the signaling systems.

Recently, these systems are getting more and more centralized and integrated, thus the assumption that the signaling system is operated within closed networks, is no longer sustainable.

At the same time, railway signaling systems have become more and more IT based, providing functionality which is not only using dedicated computers and hardware, but instead use regular computers and COTS (Commercial off the shelf)components, which are more vulnerable to Cyber threats. In addition, we see the increase use of networked control and automation systems that can be accessed remotely via public and private networks.

All these “cyber threats” are requiring new measures and efforts in order to ensure the integrity and safety of the railway system.

Some recent examples regarding Cyber-attacks on Railway systems include:

1.    Intrusion into the Lodz tram point control system (2009).

2.   De-activating the ticketing system in San Francisco´s public transport system (MUNI, 2016).

3.   The so-called “Wannacry” attack in May 2017, which infected more than 200,000 computers world-wide, including passenger information screens at railway stations.

An information monitor at a German train station displays the ransomware message Credit: @Zeichen Taten/Twitter

 

Conclusion& Recommendations

As was described in this article, and shown in recent attacks, Railway systems are becoming much more vulnerable to cyber-attacks.

Access to these systems can be gained remotely, via the Internet or the GSM-R channel, through direct contact with the signaling system infrastructure, or by an Insider Threat.

Successful cyber-attacks in Railway signaling systems could result in:

1.    Threats to people safety

2.    Disruption to the rail network and services

3.    Economic loss to rail operators, suppliers or the wider economy

4.    Reputation damage to rail companies

5.    Loss of commercial or sensitive information (Credit card or personal data etc.)

A good Cyber defense plan for Railway companies should consider the following:

- Develop a strong governance for cyber security in the organization.

- Management and monitoring of systems and procedures, to ensure early warning of a cyber-attack.

- Reduction on the likelihood of attack, through good multi-layered design and robust operational and maintenance procedures.

- The ability to investigate the attack, after it accrued.

- Force railway suppliers to develop signaling systems which are cyber secured "by design".

 

Posted by:
Israel Baron
Category:
Whitepaper