The railway system of systems presents an ecosystem as a complex set of living cyber-physical entities actuating, operating and interacting in the loop. Advanced technologies, including cloud, automated solutions and the internet of things (IoT), connect once isolated operational technology (OT), such as railway signal control systems, to enable railway operations like precision scheduling or actuating trains in the loop. OT systems, such as industrial control systems (ICS), SCADA systems and programmable logic controllers (PLCs), sensor stations and actuator systems, are used to control transportation networks and railway assets where digital technologies enable us to take operational data from these systems and process the data in real-time to optimise train operations and the movement of passengers and goods.
Physical security precautions chain-link fencing, padlocked control boxes, closed-circuit television and security patrols were the primary defence countermeasures to protect industrial control systems keeping analogue signalling systems safe from physical attacks. However, in recent years, especially after taking the lessons from DoS and DDoS attacks to Sweden Transport Administration in 2017 and to Danish DSB (Danske Statsbaner) in 2018, cyber security has gained equal importance, especially when “digital twins” of physical assets are used for monitoring and optimisation.
According to Prof. Salih Ergün, CTO of ERARGE (a research-oriented SME involved in SAFETY4RAILS project) and having 25+ years of experience in cyber-physical systems, “Railway systems are complex infrastructures and cyber-only protection at high-level software-based systems is not sufficient. We also need to protect the hardware-based low-level components of cyber-physical railway infrastructures with more effective, trusted and higher-throughput solutions.”
It is impossible to stop the actually-operating systems within the railway ecosystem when it is necessary to apply any cyber-physical security assessment and monitoring, or even intervention, response or recovery in the case of a cyber incident occurs. ERARGE has proposed an active cyber-physical resilience solution in SAFETY4RAILS by developing the secure digital twin of the existing actual data channel and enhancing the end-to-end security between the nodes and services within a typical railway system. The digital twin approach enables an alternative secure channel which may help operators to compare the actual system with the alternative system so that they can identify the anomalies and then vulnerabilities. The secure channel realised at the digital twin counterpart of the actual system also presents the potential protective countermeasures that can be applied to prevent cyber-attacks targeting the low-level hardware-based components within the cyber-physical system.
PRIGM, a high-throughput hardware security module, and Senstation, a high-performance sensor station strengthened with the secure gateway, are used in SAFETY4RAILS to create point-to-point security between any node pairs in a railway system. These nodes can be systems, edge devices, services or users’ applications. Senstation, at peripherals (client-side), and PRIGM at central nodes like command control centres (server-side), are paired to apply cryptographic functions where data is generated. Thus, a secure digital channel can be established without interfering with the actual system. This approach presents an alternative secure channel in-the-loop that does not interrupt the system on charge.
The proposed solution is being integrated with the S4RIS (SAFETY4RAILS Information System) and will be deployed for two use cases led by railway operators EGO (Ankara’s Metro operator) and TCDD (Turkey’s National Railways Operator) in Ankara/Turkey. In the first case (indoor), the cyber-physical resilience of metro and train stations will be improved by preventing unauthorised access to Network Equipment Rooms and by monitoring the anomalies in the sensor-based surveillance systems operating at stations. In the other use case, an outdoor incident will be tackled where an edge IoT system observing the wind speed and direction will be monitored against any cyber-physical attack at rural areas like near the bridges or tunnels.
After discussions with experts from railway operators participating SAFETY4RAILS project, “The proposed holistic hardware-security approach and the SAFETY4RAILS solutions stack has a strong potential to improve the resilience starting even from end nodes and cover the entire railway network. This comprehensive approach will not only improve the security of railways, but also preserve the privacy of stakeholders in the ecosystem and drive safety by preventing unintended or intended cyber and physical damages”, Prof. Ergün says.
ERARGE