Cyber Physical Systems in the UK Railway Industry - Webinar discussion

The slides can be found here

Does IEC 64423 standard applies to transportation industry? Is there a dedicate cybersecurity standard been devloped for transportation?


IEC62443 is being developed for the rail sector - specifically IEC 62443-4. There are new technical standards which will be based on 62443 currently in consideration at CENELEC.

Does the threat also exist on the Electrical Control network (SCADA) system. New traction substations are now connected via telecommunications networks.


SCADA is one of the components that make up an Industrial Control System and have been previously exploited. I can't comment on specific components, but you've highlighted that interconnectivity is something we need to carefully consider, as this does allow an adversary to go from one system to another if there adequate defences are not in place.

How do we make solutions work in a world of standards?


One issue with the rail sector is that for signalling, it is highly standardised, where you will have a lot of trains and systems deployed. We need to take a careful approach to make sure that we don't invalidate the existing implementations and incrementally improve security.

Is there a move in the rail industry to move to a communications standard like IEC 61850?


I've been previously involved with a few academics who look at IEC61850. Right now, we're still using GSM-R, and there is a push for the 'Future Rail Mobile Communications System' (FRMCS). Which will be based on 5G - I've not heard of anything specifically for the rail sector yet.

What have designers of ERTMS learnt from IT security with the design of protocols and cryptography?


The ERTMS standards are designed to allow for improvements and changes over time. We raised the issue with the appropriate stakeholders the potential issues, and were pleased with their feedback. Part of the issues will be resolved when the Future Rail Mobile Communications System (FRMCS) is deployed, which will be based on the 5G standard and is much more secure compared to GSM-R.


How ERTMS deals with denial of service attack, moving or removing trackside devices?


Denial of Service has been considered, where GSM-R is the slowest component in ERTMS, where the messaging has a much lower burden on the bandwidth. On trackside devices, if you miss a balise, you look for the next one. In ERTMS Levels 1 and 2, you have some integrity validation still done at the trackside (e.g. axle counters and track circuits).

what do you think about the use of public cloud for safety critical applications like Control systems, ARS systesm or TMS etc


The public cloud has significant benefits - right now, I think, as I'll discuss in a few minutes, we need to carefully consider architectures and exposure. Provided the environment is secure and has been carefully designed, the cloud should be an extension of your traditional network.

Can you tell about Hardware and software challenges in cyber physical systems?


Hardware previously was very constrained, which meant your software would also be constrained - think about operating systems on old computers which ran on 4MB of RAM, and today, we need 4GB.

In a fully ERTMS Level 2 area, if you lose GSM-R you lose both signalling and communications to/from the trains - so all trains stopped, which is not very safe. So is denial of service a bigger risk than risk of bogus messages?


I would argue stopping all trains is a safe move. Denial of Service is a problem because it has economic effects - e.g. stopping trains at a throat to a major station.

Hi Lynsay, great presentation. Overall the Cyber Security in Transportation is a much newer problem in Australia, as we are only just really moving to some of the new digital railway environment. The RISSB in Australia did release a standard in 2019, www.rissb.com.au/secure-download.php AS7770:2018 I'm not sure if there has been cross learnings with standards such as IEC62443. Kind regards Rob