Overview of UIC Cybersecurity activities Security for critical
Overview of UIC Cybersecurity activities Security for critical computerized systems September 2018, Paris Prof. Dr. Marc Antoni FIRSE – AFFI – VDEI UIC - Rail System Director antoni@uic. org
Summary 1. Cyber-risk: myth or reality? 2. UIC cybersecurity related projects 3. CYRail and UIC works complementarity 4. ARGUS main results 5. On going works 6. Perspectives 2 Prof. Dr. Marc ANTONI – September 2018
1 – Cyber-risk: myth or reality? > What are the risks / industrial computerized systems? Threats to people safety Disruption to the rail network and services Economic loss to company and/or suppliers Reputational damage Loss of commercial or sensitive information All at regional, national or international level… 3 Prof. Dr. Marc ANTONI – September 2018
1 – Cyber-risk: myth or reality? > Safety vs. security - Safety supported by hardware random events (SIL) - Safety & security supported by software deal with common modes and/or sequence of malicious events (N/P redundancy are futile for security) cyber incidents can lead of causing uncertainty or loss of confidence, can lead to unsafe situations > Cyber-risk is a reality ! 4 Prof. Dr. Marc ANTONI – September 2018
1 – Cyber-risk: myth or reality? > Few examples. . . Top of the iceberg Intrusion into the Lodz tram point control system (2009) Ticketing system in San Francisco´s public transport system hacked (2009) UK Rail network attacked by hackers 4 times in a year (2016) “Wannacry” attack infected also PIS systems (May 2017) Prof. Dr. Marc ANTONI – September 2018
1 – Cyber-risk: myth or reality? > Few examples. . . Top of the iceberg Result of a IXL "white box" penetration testing Information displayed on the dispatcher's workstation Normal system operation (routing) 6 Point operation through unauthorized usage of a high-level command Prof. Dr. Marc ANTONI – September 2018
1 – Cyber-risk: myth or reality? The danger is real, as for availability of the operations as for the safety of the trains ! 7 Prof. Dr. Marc ANTONI – September 2018
2 – UIC Cybersecurity related projects • UIC was involved in EU SECRET project. Protection of railway Infrastructure against Electromagnetic Attacks (EU funded project with 10 participant from 5 countries) • UIC participation on CYRail project. To bring railways’ perspective into the project and being, somehow, the link of railways world with university, research centers, aeronautic industry and technology and cybersecurity companies • Launched in 2016 “ARGUS” project to: - Set the UIC in the position of proposing an approach to a global strategic vision specific to rail; - Join the Security & Safety on a synergic action - Create awareness on specific challenges of the rail transport - Identify and create alliances with the other potential “victims” - join efforts - Publish Guidelines and/or Standards for the railways community • Creation of a Technical Security Experts Group 8 To create a group to discuss about cyber security for railways How to apply norms and standards in the railway domain. What are the available tools and materials Share experiences in cybersecurity issues, policies, etc. Prof. Dr. Marc ANTONI – September 2018
2 – UIC Cybersecurity related projects EU SECRET project § Protection of railway infrastructure against Electromagnetic attacks The target is to avoid the data transmission Jamming the data transmission between the devices = disrupting or confusing the system EM signal Antenna SECRET scope 9 Electronic device Data transmission Electronic device Prof. Dr. Marc ANTONI – September 2018
3 - CYRail and UIC works complementarity • CYRail project, focus on analyzing the threats targeting railway infrastructures with already developed and innovative, attack detection and alerting techniques. Define adapted mitigation plans and countermeasures and deliver protection profiles for railway control and signaling applications to ensure security by design of new rail infrastructures. • UIC cybersecurity approach, tries to help the railways to decide which policy apply to their safety systems, having in mind the laws, rules, norms and standards. How to manage safety and security link, having in mind the importance of change management and to develop their asset management in relation with all cyber-related assets. 10 Prof. Dr. Marc ANTONI – September 2018
4 – ARGUS main results Need for a "railway system" approach > The functional and environmental requirements of Safety and Security need to be integrated. - "Security is a part of safety": two are linked at system level. - "Cyber Security should be included in the Asset Management process": define the conditions for outsourcing in order to exercise upstream risk control ahead of design/deployment. . > Resilience analysis and design will help with a safe and available operation – unavailability equal unsafety: - To be considered from the railway system’s point of view - Convergence between Safety & Cybersecurity & Physical safety 11 Prof. Dr. Marc ANTONI – September 2018
4 – ARGUS main results SAFETY Convergence RESILIENCE Need to be considered from the railway system’s CYBER PHYSICAL SECURITYpoint of view 12 Prof. Dr. Marc ANTONI – September 2018
4 – ARGUS main results > Witch issues are acceptable, which aren’t ? “Acceptable” and “Unacceptable” that is the question The consequences have to be considered differently Severity (1)Unacceptable border depending of the sub-network Where is the border ? The “Risk = Frequency x Severity” approach is not always acceptable for railways NOT Acceptable area (2)Risks have to be mitigated (3) Unacceptable rare events that have to be eradicated by design 13 Risk = frequency x severity Acceptable and assumed Risks How to estimate the “Frequency” ? An attack can be too much! Frequency (exposition to cyber attacks) Prof. Dr. Marc ANTONI – September 2018
4 – ARGUS main results > Safety and security have to be included in the Asset Management process of IMs an RUs The proposed process (at Asset management HQ level): - Network strategy (regarding Asset management, customers service level & Security) - Route strategy (idem) - Asset and architecture strategy (idem) by zone of business & defence - Requirements Internal (system design, tenders, procurement…) - Requirements external (suppliers, outsourced services. . . ) - Production services… 14 Prof. Dr. Marc ANTONI – September 2018
4 – ARGUS main results Technical and organisational measures whereby the desired SL can be achieved 1 – Examples generic design or mitigation choices Independent layers requiring different types of competence Design of signalling and networks in a common multitechnical team Implementing measures & solutions for "business continuity“ Preserving non-IT solution as much as possible 15 Prof. Dr. Marc ANTONI – September 2018
4 – ARGUS main results > Security is a never ending story > Measurements must be deployed to design, build, validate the security concept and our security efficiency other time > The Safety-Security management System is a part of the Asset management strategy 16 Publication the 1 rst July 2018 of the first UIC Guideline Prof. Dr. Marc ANTONI – September 2018
5 – On going works > This first UIC cyber security guideline will be completed by an IRS, a UIC professional standard to help the Railways to face security issues and define they own cyber strategy > It’s the objective of the “UIC Technical Security Expert Group” - all railways can participate - all suppliers or expert can express they opinion or advice > An other “UIC Narrow band Expert Group” work in parallel and focus more on the EM and FRMCS impacts 17 Prof. Dr. Marc ANTONI – September 2018
5 – On going works > UIC Technical Security Expert Group Orientation : - Positioning in complementarity of the works on going or done in the “normalisation” (SB) and “regulation” actors (ERA, States…) – focussing more on critical computerized systems Vision : regulation by states, authorities… Architecture : System approach, targets, specific acceptable (or not) risks, use of products on the shelf Railways driven for they own issues 18 Materials : Component, s-system, performances Norms – for industry in general, more suppliers driven Prof. Dr. Marc ANTONI – September 2018
5 – On going works > UIC Technical Security Expert Group Orientation : - To guide the railways to anticipate the security issues Security: operation degraded mode management increase the exposition for attacks Safety: security weakness can impact the safety level… To guide the railways to define they own cyber strategy for critical system regarding they own “type of business To guide the railways to drive they own architecture strategy … 19 Prof. Dr. Marc ANTONI – September 2018
6 – Perspectives • Major consequences of cyber attacks are a reality for all the railways & Railways cannot outsource these risks to suppliers! • Need of a continuous exchanges of best practices in order to manage the risks with a system point of view – UIC has a key role • Necessity of understanding (threats vs. weaknesses) between Signalling, Operation and Telecom actors for critical applications • Need of UIC Guideline and IRSs to define specific sets of mitigation measures depending of the acceptability or not of the possible consequences Join the Technical security Expert Group 20 Prof. Dr. Marc ANTONI – September 2018
Thank you for your kind attention Redundancy for resilience Two independent cab-signalling Prof. Dr. Marc Antoni UIC Rail System Director antoni@uic. org 21 Prof. Dr. Marc ANTONI – September 2018
- Slides: 21