Designing and Operating Safe and Secure Transit Systems: Assessing Current Practices in the United States and Abroad, MTI Report 04-05

Public transit systems around the world have for decades served as a principal venue for terrorist acts. Today, transit security is widely viewed as an important public policy issue and is a high priority at most large transit systems and at smaller systems operating in large metropolitan areas. Research on transit security in the United States has mushroomed since 9/11; this study is part of that new wave of research. This study contributes to our understanding of transit security by (1) reviewing and synthesizing nearly all previously published research on transit terrorism; (2) conducting detailed case studies of transit systems in London, Madrid, New York, Paris, Tokyo, and Washington, D.C.; (3) interviewing federal officials here in the United States responsible for overseeing transit security and transit industry representatives both here and abroad to learn about efforts to coordinate and finance transit security planning; and (4) surveying 113 of the largest transit operators in the United States. Our major findings include: (1) the threat of transit terrorism is probably not universal—most major attacks in the developed world have been on the largest systems in the largest cities; (2) this asymmetry of risk does not square with fiscal politics that seek to spread security funding among many jurisdictions; (3) transit managers are struggling to balance the costs and (uncertain) benefits of increased security against the costs and (certain) benefits of attracting passengers; (4) coordination and cooperation between security and transit agencies is improving, but far from complete; (5) enlisting passengers in surveillance has benefits, but fearful passengers may stop using public transit; (6) the role of crime prevention through environmental design in security planning is waxing; and (7) given the uncertain effectiveness of antitransit terrorism efforts, the most tangible benefits of increased attention to and spending on transit security may be a reduction in transit-related person and property crimes

Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD

Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings

Maximum risk reduction with a fixed budget in the railway industry

Decision-makers in safety-critical industries such as the railways are frequently faced with the complexity of selecting technological, procedural and operational solutions to minimise staff, passengers and third parties’ safety risks. In reality, the options for maximising risk reduction are limited by time and budget constraints as well as performance objectives. Maximising risk reduction is particularly necessary in the times of economic recession where critical services such as those on the UK rail network are not immune to budget cuts. This dilemma is further complicated by statutory frameworks stipulating ‘suitable and sufficient’ risk assessments and constraints such as ‘as low as reasonably practicable’. These significantly influence risk reduction option selection and influence their effective implementation. This thesis provides extensive research in this area and highlights the limitations of widely applied practices. These practices have limited significance on fundamental engineering principles and become impracticable when a constraint such as a fixed budget is applied – this is the current reality of UK rail network operations and risk management. This thesis identifies three main areas of weaknesses to achieving the desired objectives with current risk reduction methods as: Inaccurate, and unclear problem definition; Option evaluation and selection removed from implementation subsequently resulting in misrepresentation of risks and costs; Use of concepts and methods that are not based on fundamental engineering principles, not verifiable and with resultant sub-optimal solutions. Although not solely intended for a single industrial sector, this thesis focuses on guiding the railway risk decision-maker by providing clear categorisation of measures used on railways for risk reduction. This thesis establishes a novel understanding of risk reduction measures’ application limitations and respective strengths. This is achieved by applying ‘key generic engineering principles’ to measures employed for risk reduction. A comprehensive study of their preventive and protective capability in different configurations is presented. Subsequently, the fundamental understanding of risk reduction measures and their railway applications, the ‘cost-of-failure’ (CoF), ‘risk reduction readiness’ (RRR), ‘design-operationalprocedural-technical’ (DOPT) concepts are developed for rational and cost-effective risk reduction. These concepts are shown to be particularly relevant to cases where blind applications of economic and mathematical theories are misleading and detrimental to engineering risk management. The case for successfully implementing this framework for maximum risk reduction within a fixed budget is further strengthened by applying, for the first time in railway risk reduction applications, the dynamic programming technique based on practical railway examples

Space Weather and Rail: Findings and Outlook

Space weather caused by solar activity can disrupt and damage critical infrastructures in space and on the ground. Space-weather impacts to the power grid, aviation, communication, and navigation systems have already been documented. Since society relies increasingly on the services these critical infrastructures provide, awareness of the space weather threat needs to be increased and the associated risks assessed. While most research on impacts of space weather focuses on the power grid, the Global Navigation Satellite System (GNSS), and aviation, railway networks are also a potential area for concern. Anomalies in signalling systems have been observed during geomagnetic storms, and rail transport depends on power, communications, and progressively on GNSS for timing and positioning. In order to raise awareness of this topic, and to further explore the vulnerability of rail systems to space weather, the European Commission’s Joint Research Centre, the Swedish Civil Contingencies Agency, the UK Department for Transport, and the US National Oceanic and Atmospheric Administration jointly organised the “Space weather and rail” workshop in London on 16-17 September 2015. The workshop was attended by representatives from the railway sector, insurance, European and North American government agencies, academia, and the European Commission. This report presents the main findings and conclusions of this workshop.JRC.G.5-Security technology assessmen

Formulating a Strategy for Securing High-Speed Rail in the United States, Research Report 12-03

This report presents an analysis of information relating to attacks, attempted attacks, and plots against high-speed rail (HSR) systems. It draws upon empirical data from MTI’s Database of Terrorist and Serious Criminal Attacks Against Public Surface Transportation and from reviews of selected HSR systems, including onsite observations. The report also examines the history of safety accidents and other HSR incidents that resulted in fatalities, injuries, or extensive asset damage to examine the inherent vulnerabilities (and strengths) of HSR systems and how these might affect the consequences of terrorist attacks. The study is divided into three parts: (1) an examination of security principles and measures; (2) an empirical examination of 33 attacks against HSR targets and a comparison of attacks against HSR targets with those against non-HSR targets; and (3) an examination of 73 safety incidents on 12 HRS systems. The purpose of this study is to develop an overall strategy for HSR security and to identify measures that could be applied to HSR systems currently under development in the United States. It is hoped that the report will provide useful guidance to both governmental authorities and transportation operators of current and future HSR systems

Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

In 2014 NATO’s Center of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI) taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI), and NATO COE-DAT. The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine’s electric generation and distribution facilities, rail transport, and cyberattacks against almost every sector of the country’s critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. Hence, the need for public-private sector partnerships to secure that infrastructure and build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that will undermine collective defense and give more urgency to redressing and mitigating those fissures.https://press.armywarcollege.edu/monographs/1951/thumbnail.jp

Cyber-Physical Security Risk Assessment for Train Control and Monitoring Systems

SSV 2018, 1st International Workshop on System Security and Vulnerability, IEEE CNS Conference on Communications and Network Security, Pekin, CHINE, 30-/05/2018 - 01/06/2018Future railway systems should bring convenience to people's lives. In fact, due to the move away from bespoke stand- alone systems to open-platform, standardized equipments and increasing use of networked control and automation systems and connected technologies, the efficiency and the safety of railway services are improving. However, this dependence of automation, control and communication technologies makes railway systems becoming increasingly vulnerable to cyber-attacks and security threats which affects the overall performance. This paper deals with cybersecurity concerns facing these systems. As such, we analyse characteristics of railway threat landscape. Then, we discuss the direct impacts of the identified potential threats and their consequences on the whole system and we evaluate resulted risks. For space limitation, we choose to present the impact, likelihood and risk analysis for one functionality of the system, namely External Door control (EDC). Some good practices and related techniques for the development of safer, more comfortable, and more secure future railway systems are also discussed

Implementing Cybersecurity Measures in Transport Organisation

The Article describes the phases of implementing the necessary measures according to Cybersecurity Regulation for critical infrastructure and ISO 27032 standard. As a base for identification of the necessary measures in transport organization the risk assessment has been done. The Risk Management Methodology has been described as well as the results of the risk assessment. The main aspects of risk treatment with the most suitable measures for Cyber risks are identified. Also as very important aspect of protecting critical transport infrastructure we have identified the critical services and prepared business continuity plans. The main steps and results in providing the acceptable level of availability and opportunities for continuity are presented and explained.</p

Quarantine-mode based live patching for zero downtime safety-critical systems

150 p.En esta tesis se presenta una arquitectura y diseño de software, llamado Cetratus, que permite las actualizaciones en caliente en sistemas críticos, donde se efectúan actualizaciones dinámicas de los componentes de la aplicación. La característica principal es la ejecución y monitorización en modo cuarentena, donde la nueva versión del software es ejecutada y monitorizada hasta que se compruebe la confiabilidad de esta nueva versión. Esta característica también ofrece protección contra posibles fallos de software y actualización, así como la propagación de esos fallos a través del sistema. Para este propósito, se emplean técnicas de particionamiento. Aunque la actualización del software es iniciada por el usuario Updater, se necesita la ratificación del auditor para poder proceder y realizar la actualización dinámica. Estos usuarios son autenticados y registrados antes de continuar con la actualización. También se verifica la autenticidad e integridad del parche dinámico. Cetratus está alineado con las normativas de seguridad funcional y de ciber-seguridad industriales respecto a las actualizaciones de software.Se proporcionan dos casos de estudio. Por una parte, en el caso de uso de energía inteligente, se analiza una aplicación de gestión de energía eléctrica, compuesta por un sistema de gestión de energía (BEMS por sus siglas en ingles) y un servicio de optimización de energía en la nube (BEOS por sus siglas en ingles). El BEMS monitoriza y controla las instalaciones de energía eléctrica en un edificio residencial. Toda la información relacionada con la generación, consumo y ahorro es enviada al BEOS, que estima y optimiza el consumo general del edificio para reducir los costes y aumentar la eficiencia energética. En este caso de estudio se incorpora una nueva capa de ciberseguridad para aumentar la ciber-seguridad y privacidad de los datos de los clientes. Específicamente, se utiliza la criptografía homomorfica. Después de la actualización, todos los datos son enviados encriptados al BEOS.Por otro lado, se presenta un caso de estudio ferroviario. En este ejemplo se actualiza el componente Euroradio, que es la que habilita las comunicaciones entre el tren y el equipamiento instalado en las vías en el sistema de gestión de tráfico ferroviario en Europa (ERTMS por sus siglas en ingles). En el ejemplo se actualiza el algoritmo utilizado para el código de autenticación del mensaje (MAC por sus siglas en inglés) basado en el algoritmo de encriptación AES, debido a los fallos de seguridad del algoritmo actual

Towards the Internet of Smart Trains: A Review on Industrial IoT-Connected Railways

[Abstract] Nowadays, the railway industry is in a position where it is able to exploit the opportunities created by the IIoT (Industrial Internet of Things) and enabling communication technologies under the paradigm of Internet of Trains. This review details the evolution of communication technologies since the deployment of GSM-R, describing the main alternatives and how railway requirements, specifications and recommendations have evolved over time. The advantages of the latest generation of broadband communication systems (e.g., LTE, 5G, IEEE 802.11ad) and the emergence of Wireless Sensor Networks (WSNs) for the railway environment are also explained together with the strategic roadmap to ensure a smooth migration from GSM-R. Furthermore, this survey focuses on providing a holistic approach, identifying scenarios and architectures where railways could leverage better commercial IIoT capabilities. After reviewing the main industrial developments, short and medium-term IIoT-enabled services for smart railways are evaluated. Then, it is analyzed the latest research on predictive maintenance, smart infrastructure, advanced monitoring of assets, video surveillance systems, railway operations, Passenger and Freight Information Systems (PIS/FIS), train control systems, safety assurance, signaling systems, cyber security and energy efficiency. Overall, it can be stated that the aim of this article is to provide a detailed examination of the state-of-the-art of different technologies and services that will revolutionize the railway industry and will allow for confronting today challenges.Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED431C 2016-045Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED341D R2016/012Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED431G/01Agencia Estatal de Investigación (España); TEC2013-47141-C4-1-RAgencia Estatal de Investigación (España); TEC2015-69648-REDCAgencia Estatal de Investigación (España); TEC2016-75067-C4-1-