Cyber Physical Systems in the UK Railway Industry - Webinar discussion

What have designers of ERTMS learnt from IT security with the design of protocols and cryptography?


The ERTMS standards are designed to allow for improvements and changes over time. We raised the issue with the appropriate stakeholders the potential issues, and were pleased with their feedback. Part of the issues will be resolved when the Future Rail Mobile Communications System (FRMCS) is deployed, which will be based on the 5G standard and is much more secure compared to GSM-R.


How ERTMS deals with denial of service attack, moving or removing trackside devices?


Denial of Service has been considered, where GSM-R is the slowest component in ERTMS, where the messaging has a much lower burden on the bandwidth. On trackside devices, if you miss a balise, you look for the next one. In ERTMS Levels 1 and 2, you have some integrity validation still done at the trackside (e.g. axle counters and track circuits).

What have designers of ERTMS learnt from IT security with the design of protocols and cryptography?


The ERTMS standards are designed to allow for improvements and changes over time. We raised the issue with the appropriate stakeholders the potential issues, and were pleased with their feedback. Part of the issues will be resolved when the Future Rail Mobile Communications System (FRMCS) is deployed, which will be based on the 5G standard and is much more secure compared to GSM-R.


How ERTMS deals with denial of service attack, moving or removing trackside devices?


Denial of Service has been considered, where GSM-R is the slowest component in ERTMS, where the messaging has a much lower burden on the bandwidth. On trackside devices, if you miss a balise, you look for the next one. In ERTMS Levels 1 and 2, you have some integrity validation still done at the trackside (e.g. axle counters and track circuits).