SAFETY4RAILS project held its second workshop with the external experts of the advisory board on 15 March 2021
SAFETY4RAILS aims at increasing railway infrastructure resilience against combined cyber-physical threats, including natural hazards. To reach this goal, the project will provide the railways with a set of tools addressing risk assessment, risk reduction, threat prevention, threat detection, stakeholder response to incidents and system recovery. By providing intelligence, the SAFETY4RAILS Information system (S4RIS) platform will assist end-users and enhance decision making capacities.
After almost 6 months of work, the consortium partners presented the work achieved regarding the identification of needs and requirements from the end-use perspective on the threat landscape, as well as specific requirements for standardisation and interoperability. Security experts from railways companies, authorities, EU agency as well as ethical experts attended the meeting and exchanged views with the partners on these first results.
After a brief overview on the project by UIC, the main requirements identified and prioritised by the end-users of the consortium (RFI (Italy), Prorail (Netherlands), TCDD (Turkey) and FGC (Spain) for the railways, Metro de Madrid, EGO (Ankara metro) for metro operators, Commune de Milano and UIC as end-user coordinator) together with support from other project partners were presented by CEIS who is leading this task. Starting from the threat and risk landscape, more than 70 needs-requirements have been drafted and ranked by the partners. Among the high-level requirements, the following were highlighted:
- Improvement of communications (both internal & external to railways and metro organisation): need for automatization, IT based information and reporting system,
- Ensuring security of systems: multifactor authentication, encryption process for passenger personal data, secure integration of connected services (including the digitalisation of legacy systems, …)
- Cooperation with authorities (exchange of information on incidents…)
- Monitoring and detection (automatization of online monitoring process, improve the detection of weak signals deployment of smart sensors…)
Then a focus was given by RINA on requirements deriving from standards. Within the current EU legal framework and international standards in the field of security, the NIS EU Directive has been identified as the major legal text regulating security aspects for the railway sector. There is for now no mandatory security standard for the rail sector. However, non-mandatory standards and best practices have been analysed to ensure S4RIS is coherent and as much in line with the most adopted security standards, such as ISO 27001, IEC 62443 and ISO 27035.
Interoperability is a key component of the future S4RIS and Fraunhofer EMI gave an overview on one hand on the interoperability of the S4RIS itself with the integration of 17+ different tools and on the other hand, on the possible approaches to integrate S4RIS with the end-users legacy systems. The S4RIS GUI will be a web-based interface aimed to provide a single point of access to the tools integrated in the platform and to support the end-users’ operators.
Finally, the S4RIS concept architecture was presented by the National Center for Scientific Research “Demokritos”. The S4RIS’s tools can be classified in 3 main categories: real-time monitoring/infrastructure tools, simulation tools and risk assessment and decision support tools. S4RIS tools will interact in the S4RIS with several information flows. The proposed architecture of the system was presented. It’s divided in 5 different layers: Source Layer; Information Exchange Layer; Storage Layer; Data Processing Layer; Decision Support / Application Layer. This architecture demonstrated how the different components of the S4RIS can be integrated.
The workshop was very interactive with several inputs and feedbacks on key requirements such as the importance of securing the S4RIS platform itself since it will deal with very sensitive information. Discussions were held on the user interface for S4RIS.The semantic data model was also highlighted as a key requirement to ensure the integration of the tools from the user point of view.
The next workshop with the advisory board will be held at the end of April focussing on some use-cases and specific requirements for crisis management and communication to the public from the multimodal point of view. It will seek to ensure a smooth transition towards the further definition of scenarios to be tested later in the project.