The need of a Security Operation Control Centre to manage railway security

Sep 13, 2021 | News

Security is a cornerstone of any sustainable mobility policy and mobility system. Making rail transport secure is complex as it must be open and accessible and enable an efficient flow of passengers and goods.

At the same time, a rail, like any other transport system, faces a broad spectrum of threats, ranging from low-probability-high-impact events (e.g. terrorist attack) to high probability-low-impact (e.g. vandalism) that make different security technologies necessary (e.g. chemical sensors, intrusion detection systems, video management systems). This leads to the challenge of integrating the various security technologies into a coherent and easily manageable system.

It became clear that railway security will be enhanced if the multitude of actors in the field will adopt international interoperability standards for security. The rail sector today includes various independent actors. Until these international standards are promulgated, railway security actors should agree on a common implementation.

In order to achieve a higher level of interoperability, shared methods and procedures are required in order to efficiently use the available information in the context of a security incident. With this goal in mind, Security Operation Control Centre (SOCC) solutions from different partners can be integrated in a global security system.

The role of the Security Operation Control Centre (SOCC) is to ingest and correlate various event sources into a single platform and thus improves the situational awareness among those persons that need to work with the information, for instance security operators or first responders. Several SOCC’s can share a situation and cooperate.

Typically, such a system visualises the events in a GIS map and shows related video cameras, recorded videos and it provides operational and security related procedures. Simple events can be correlated to a major incident which means that the event contains additional information on for instance a responsible person, severity, certainty, and urgency.

The SOCC system helps the operator in his daily work to suppress nuisance alarms, to group similar alarms, and to relate the event with other information and sensors. The SOCC guides the operator through a stressful situation through electronic Standard Operational Procedures (eSOP). These procedures are programmed today but can be executed as a graphical business process in the future.

To allow for a continuous improvement of the eSOPs during operation, the decisions and actions of the operator can be recorded. With such a system the operator can be trained with simulated operational situations.

The use of SOCC allows the implementation of a Crisis Management System (CMS), a solution to manage a crisis with various responders and any class of requested stakeholders. A CMS has to handle multiple operators, transportation modes and locations. A crisis manager has to act and make decisions based on all available real time information. This information can come from external experts and external media types like news feeds, live and recorded, as well as fixed and mobile video that need to be integrated. As situations evolve, hand-over from SOCC to CMS may prove to be necessary.

In the SAFETY4RAILS project, functionalities within the roles of SOCC, such as a decision support system, are implemented as part of the S4RIS platform (SAFETY4RAILS Information System) prototype in a component which targets user decision support with insights automatically created from different monitoring tools alerts. The S4RIS platform combines simulation and monitoring capabilities as well as visualisation means to prevent, forecast, detect, defuse, respond and mitigate the impact of cyber and physical threats in a holistic methodological and operational approach resulting in a collaboration between cyber physical security technologies and actors.

LEONARDO

Share This