Abstract
Connected and intelligent railway technologies like the European Rail Traffic Management System (ERTMS) introduce new cybersecurity risks. Threat modeling is a building block of security engineering that identifies potential threats so that corresponding mitigations can be defined. In this paper, we show how to conduct threat modeling for railway security analysis during a development life cycle based on IEC 62443. We propose a practical and efficient approach to threat modeling, extending existing tool support and demonstrating its applicability and feasibility.
Acknowledgments
This work is partially supported by the ECSEL projects Productive4.0 and SECREDAS (contract no. 737459, 783119) and Austrian Research Promotion Agency (FFG).
Copyright information
© 2019 Springer Nature Switzerland AG
Cite this paper
Schmittner, C. et al. (2019). Threat Modeling in the Railway Domain. In: Collart-Dutilleul, S., Lecomte, T., Romanovsky, A. (eds) Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification. RSSRail 2019. Lecture Notes in Computer Science, vol 11495. Springer, Cham. https://doi.org/10.1007/978-3-030-18744-6_17
DOI: https://doi.org/10.1007/978-3-030-18744-6_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18743-9
Online ISBN: 978-3-030-18744-6
eBook Packages: Computer Science (R0)