1
Urban Rail Signalling (URS)
Digitalization in Urban Transport - A Cybersecurity Approach to connected Urban Transport Urban Rail Signalling (URS)
2
Agenda
- Overview of the Cybersecurity Threat Landscape – Why cybersecurity has become so critical
- Cybersecurity Engineering Assurance – What are we doing about it
- Thales Secure By Design – CBTC Cybersecurity Solution
3
The Cybersecurity Landscape – Cyberattacks on the Rise
[Figure: breach timeline, 2004, 2010, 2015; attacks are getting bigger.]
The interactive website (please write down the link) can filter breaches by vertical and by inside or outside attackers. This is a view over 10 years: more red indicates more attacks. The bad guys are getting smarter and more prevalent.
4
The Cybersecurity Landscape – Sophistication of attacks …
5
The Cybersecurity Landscape – Signaling Networks Breaches
The “Tip of the Iceberg”:
- January 2008: a teenager hacked into a Polish tram system using an adapted television remote control, derailing four vehicles as a prank. 12 people were injured in one such derailment. The boy had trespassed at tram depots to gather information and equipment.
- December 2011: a Pacific Northwest transportation entity reported that hackers remotely attacked computers from three IPs, disrupting railway signals for two days.
- July 2012: At DefCon, MIT researchers presented a series of steps against wireless access points and antennas that yielded the theft of invalid certificates and Siemens login credentials. The team also cloned RFID badges of transportation staff.
- May 2015: System passwords attached on top of a station controller’s monitor at one of London’s busiest railway stations were exposed to TV viewers during a BBC documentary broadcast.
- October 2015: North Korea is suspected of hacking into a Seoul subway operator in 2014 for several months. Over terminals of control centre and power supplier employees were infected with 58 instances of malware.
Many instances involve software/hardware updates being shipped out by suppliers with malware embedded.
6
Rail Incident – a real case story...
7
OT/Signaling Networks Breaches – Common Challenges
Common challenges and vulnerabilities in protecting ICS environments:
- Use of shared accounts and root passwords – never changed
- Weak antivirus and malware protection for maintenance equipment
- Geographically dispersed – subject to hybrid attacks (access to internal switch)
- Deficient hardening and host security
- Lack of vulnerability management for critical issues – i.e. self-propagating worm (WannaCry)
- Insecure external interfaces via customer corporate network – only firewall protected
- Lack of monitoring and auditing – no real-time detection
- Lack of internal segmentation between security zones – e.g. vital vs non-vital
- Insufficient and untested disaster recovery procedures to re-establish minimal operations in case of a major breach
- Lack of ongoing support with supplier for upgrades
8
OT/Signaling Networks Breaches – Opportunities
It is NOT all gloom and doom …
- OT networks are predictable (may be unknown but predictable and deterministic)
- Access to Internet is limited – typically no browsing or
- Safety protection provides a strong additional layer
9
Cybersecurity Threats – What does it mean to the CBTC?
Safety: protection against EN 50159 threats (Repetition, Masquerading, etc.)
Security Objectives: Integrity, Confidentiality, Availability
- Prevent impact to operations, from localized virus infection to complete shutdown (e.g. self-propagating worm, full hacking compromise)
- Protect Thales and customer reputation and public trust
10
What Are We Doing About it?
Cybersecurity Engineering Assurance Process
- Adopting Cybersecurity Standards
- Defining Policy and Procedures
Secure by Design
- Building Cybersecurity Building Blocks
- Developing Deployment Patterns
11
Cybersecurity Assurance – Adopting Cybersecurity Standards
Transportation Systems
12
Cybersecurity Assurance – IEC Standard Framework
Transportation Systems
13
Cybersecurity Assurance – Cybersecurity Engineering Process
14
Cybersecurity Product Policy
Delivered safe and secure system
Thales CBTC Safe and Secure Design Principle
- Network Architecture: segregation of trusted and untrusted networks
- Wireless Architecture: Frequency-hopping Spread Spectrum; secure authentication at radio frequency layer; end-to-end channel encryption
- Security Architecture: embedded resilient process and procedure; malware monitoring and protection
Thales CBTC Safe and Secure Design Principle: Operations Enhancements
- CBTC Security Baseline Implementation
- Rail SIEM (rSIEM)
- Onboard Internet Security Device (OISD)
- NIDS
Enhancing Cybersecurity Operations
- Rail Security Information & Event Management
- NIDS
- On-going patching
- Onboard Internet Security Device
15
Defense-in-Depth Security Architecture – Resiliency Enhancement
The following cybersecurity design principles are being applied to the development of Transport cybersecurity controls:
- Defense in Depth – Multiple layers of defense are applied. Even if a layer of defense is breached, e.g. due to a zero-day vulnerability, the system will be resilient and prevent a cybersecurity breach.
- Incorporate Preventive, Detective, and Recovery Controls – To succeed in addressing today’s sophisticated cybersecurity attacks, the security solution must incorporate strong preventive mechanisms but also the ability to detect and quickly recover from cybersecurity attacks without affecting safety and system availability.
- Design Patterns – Use of proven design patterns and protocols when available. We leverage tools and techniques that are de-facto industry standards.
- Risk-based Approach – Subsystem requirements and design trade-offs are based on cost-benefit analysis from threat and risk assessments.
16
Secure Signalling System – Establishing Security Zones and Conduits
17
7 Cyber Defense Strategies for Control Systems
Based on the incidents reported to ICS-CERT, the percentage of reported incidents in FY14/15 that can be mitigated by each strategy to counter common exploitable weaknesses in “as-built” control systems is summarized below:
[Chart: percentage of reported incidents mitigated by each of strategies 1 to 7]
Source: Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) FY14/15 reported incidents research
18
7 Cyber Defense Strategies for Control Systems
Strategy #1 – Application Whitelisting (AWL)
- Due to the static nature of ICS systems (e.g. database and HMI), AWL would be able to detect and prevent attempted execution of uploaded malware
- Baseline and calibrate ICS application environment for AWL
Strategy #2 – Ensure Proper Configuration / Patch Management
- Ensure accurate baseline and asset inventory to track what patches are needed
- Prioritize patching and configuration management of “PC-architecture” machines used in HMI, database server, and engineering workstation roles
- Program to ensure “clean” vendor laptops
Strategy #3 – Reduce Attack Surface Area
- Port lockdown (USB and network) and disable unused services
- Isolation from untrusted networks
- Single open port over restricted network path for bi-directional communications to external network
19
7 Cyber Defense Strategies for Control Systems (cont’d)
Strategy #4 – Build a Defendable Environment
- Logical network segregation and restrict host-to-host communication paths across segments
- Approved removable media instead of a network connection for one-way data transfer from a secure zone to a less secure zone
- Data diode for real-time data replication requirements
Strategy #5 – Manage Authentication
- Implement multi-factor authentication for privileged access
- Separate credentials for corporate and control networks
- Store corporate and control network credentials in separate trust stores
Strategy #6 – Secure Remote Access
- Limit remote access to “monitoring only” access enforced by data diodes
- Same remote access paths to be used for vendor and employee connections (e.g. 2-factor authentication)
- Remote access to be operator controlled
20
7 Cyber Defense Strategies for Control Systems (cont’d)
Strategy #7 – Monitor and Respond
Establish monitoring procedures at the following key areas:
- IP traffic on control systems boundaries for abnormal or suspicious communications
- IP traffic within the control network for malicious connections or content
- Host-based products to detect malicious software and attack attempts
- Login analysis (time and place for example) to detect stolen credential usage or improper access, verifying all anomalies with quick phone calls (e.g. normal threshold to be pre-determined)
- Account/user administration actions to detect access control manipulation
Response plans and procedures:
- Disconnecting affected network
- Scoped search for malware
- Disabling affected user accounts
- Isolating suspect systems
- Immediate 100 percent password reset
- Escalation triggers and actions (including incident response, investigation, and public affairs activities)
- Updated “Gold Disks” to restore system to last known good states
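The login analysis item of Strategy #7, sketched as an added example (not part of the original presentation and not vendor code). The account names, host names, log format and per-account norms are all constructed for illustration.

```python
from datetime import datetime

# Constructed per-account norms: the pre-determined "normal threshold".
PROFILE = {
    "ats_operator1": {"hours": range(6, 22), "sources": {"occ-ws-03", "occ-ws-04"}},
    "maint_vendor": {"hours": range(8, 18), "sources": {"jump-host-1"}},
}

# Constructed log lines: ISO timestamp, account, source host, result.
SAMPLE_LOG = """\
2024-03-04T07:12:09 ats_operator1 occ-ws-03 success
2024-03-04T02:41:55 ats_operator1 occ-ws-03 success
2024-03-04T10:05:31 maint_vendor eng-laptop-9 success
2024-03-04T10:06:02 unknown_admin occ-ws-04 success
2024-03-04T11:00:00 maint_vendor jump-host-1 failure
"""


def analyse(log_text, profile=PROFILE):
    """Return (login, reasons) for each successful login outside its norm."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, user, src, result = parts
            hour = datetime.fromisoformat(ts).hour
        except ValueError:
            # Wrong field count or bad timestamp: report it, never drop it.
            findings.append((line, ["unparseable"]))
            continue
        if result != "success":
            continue
        reasons = []
        norm = profile.get(user)
        if norm is None:
            reasons.append("account has no baseline")
        else:
            if hour not in norm["hours"]:
                reasons.append("outside normal hours")
            if src not in norm["sources"]:
                reasons.append("unusual source")
        if reasons:
            findings.append((f"{ts} {user} {src}", reasons))
    return findings


if __name__ == "__main__":
    for login, reasons in analyse(SAMPLE_LOG):
        print(login, "->", ", ".join(reasons))
```

Each finding is a candidate for the verification phone call the slide describes, not a confirmed compromise.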
21
Thales Cybersecurity Solutions
▌ Secure Gateway (SG) – Provides secure application-level filtering for interfacing with external systems such as SCADA and PIS
▌ Security Information and Event Management Solution (SIEM) – Provides logging and monitoring services and multi-layer threat detection and prevention: cyberattacks, malware. A searchable central log repository with alerting capabilities to the NMS
▌ Onboard Internet Security Device (OISD) – Additional SD (Encryption) functions such as multi-layer firewall, hosting intrusion detection and prevention, and remote logging to protect against public wireless networks
22
Secure Interface Gateway - Functions
Thales’ SIG is a customizable software solution that provides message-level validation, filtering and logging for external interfaces.
Key security functionalities include:
- Multi-layer packet filtering – Optional built-in Demilitarized Zone (DMZ) and packet filtering capabilities for single box deployment
- Authentication and Authorization – Full external system authentication and authorization before any message is processed
- Parameters Whitelisting – Only pre-defined messages and parameters are allowed into the network with full schema validation
- Remote logging and Monitoring – e.g. sending security events to syslog, Network Management System and Security Information Event Management
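A minimal sketch of message-level allowlisting with schema validation and per-source authorization, as described above. This is an added example, not the vendor's implementation; the JSON encoding, message types, parameter names and source identifiers are hypothetical.

```python
import json

# Hypothetical allowlist: message type -> {parameter: (type, range check)}.
SCHEMA = {
    "PIS_ARRIVAL": {
        "platform": (int, lambda v: 1 <= v <= 8),
        "eta_s": (int, lambda v: 0 <= v <= 3600),
    },
    "SCADA_POWER_STATUS": {
        "section": (str, lambda v: v.isalnum() and len(v) <= 8),
        "energized": (bool, lambda v: True),
    },
}
# Which already-authenticated external system may send which message type.
AUTHORIZED = {"pis-01": {"PIS_ARRIVAL"}, "scada-01": {"SCADA_POWER_STATUS"}}


def validate(source, raw):
    """Return (accepted, reason). Anything not explicitly allowed is denied."""
    allowed_types = AUTHORIZED.get(source)
    if allowed_types is None:
        return False, "unknown source"
    try:
        msg = json.loads(raw)
    except ValueError:
        return False, "malformed message"
    if not isinstance(msg, dict):
        return False, "malformed message"
    mtype = msg.get("type")
    if not isinstance(mtype, str) or mtype not in SCHEMA:
        return False, "message type not allowlisted"
    if mtype not in allowed_types:
        return False, "source not authorized for type"
    spec = SCHEMA[mtype]
    params = msg.get("params")
    # Exact key match: extra parameters are rejected, not silently ignored.
    if not isinstance(params, dict) or set(params) != set(spec):
        return False, "unexpected or missing parameter"
    for name, (typ, in_range) in spec.items():
        value = params[name]
        # type() rather than isinstance(): bool is a subclass of int.
        if type(value) is not typ or not in_range(value):
            return False, f"parameter {name} invalid"
    return True, "ok"


if __name__ == "__main__":
    sample = '{"type": "PIS_ARRIVAL", "params": {"platform": 3, "eta_s": 120}}'
    print(validate("pis-01", sample))
```

The reason string returned for each rejected message is what would be forwarded as a security event to syslog or the SIEM.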
23
Secure Interface Gateway – Strategy
Thales Secure Interface Gateway effectively implements the US Homeland Security Department’s seven strategies for defending Industrial Control Systems (ICS), in comparison with standard firewalls
24
Rail Security Information and Event Management (rSIEM) – Functions
The rSIEM provides real-time information about security-related events in the network. It collates security information in a central database and, through a set of rules, helps the operator determine appropriate responses. rSIEM provides the tools to see exactly what is happening within your systems: what information is entering, where it is coming from and how it can be blocked.
Function Highlights:
- Tuned for Transport data and signalling networks, resulting in deterministic alerts and minimal false positives.
- rSIEM is a scalable, secure, programmable, operations-proof and intuitive platform.
- The solution provides a repository of data which is a great source of information for big analytic algorithms and machine learning capabilities.
26
Rail Security Information and Event Management (rSIEM) – Strategy
Thales’ engineering expertise allows us to design systems that are dependable, precise and deterministic with minimal false positives. Our solutions feature intuitive, easy-to-use and operation-friendly interfaces. Leverage our expertise to protect your networks. Thales rSIEM effectively implements the US Homeland Security Department’s seven strategies for defending Industrial Control Systems (ICS).
27
Onboard Internet Security Device (OISD)
- Regular heartbeats – A regular health heartbeat with a configurable period is dispatched to the logging system. This heartbeat includes critical resource states and the results of an at-boot check for system integrity. This feature can be extended to report the results of any future additions to the boot integrity check.
- Process whitelist – The system process table is monitored for any process that does not match the whitelist and the results are reported to the logging system.
- File change alerts – All critical files are monitored for changes and, because there should never be a change during normal operations, anything out of the ordinary is reported to the logging system.
- Removable media alerts – The system is monitored for removable media such as flash drives. Mounts are reported to the logging system.
- Packet filtering – Strict packet filtering is enforced on both Central Processing Units (CPU), denying everything but the traffic that is designed for the system. The CPU behind the public interface does not report denies. The CPU behind the private interface does.
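The heartbeat, process whitelist, file change and removable media checks above, combined into one record in an added example (not the OISD implementation). The process list and mounts are passed in as constructed inputs rather than read from the host, and all file and process names are hypothetical.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record known-good digests, e.g. at commissioning or after an approved change."""
    return {p: sha256_file(p) for p in paths}


def heartbeat(baseline, process_allowlist, running, mounts=()):
    """Build one heartbeat record from file, process and removable-media checks."""
    alerts = []
    for path, digest in sorted(baseline.items()):
        if not os.path.isfile(path):
            alerts.append(("file_missing", path))
        elif sha256_file(path) != digest:
            alerts.append(("file_changed", path))
    for name in sorted(set(running) - set(process_allowlist)):
        alerts.append(("process_not_allowlisted", name))
    for mount in mounts:
        alerts.append(("removable_media_mounted", mount))
    return {"status": "alert" if alerts else "ok", "alerts": alerts}


def demo():
    """Constructed scenario: clean state, then a rule edit, a stray process, a USB mount."""
    allow = {"init", "sshd", "oisd-filter"}  # hypothetical process names
    with tempfile.TemporaryDirectory() as d:
        rules = os.path.join(d, "filter.rules")  # hypothetical critical file
        with open(rules, "w") as f:
            f.write("deny all\n")
        baseline = build_baseline([rules])
        clean = heartbeat(baseline, allow, ["init", "sshd"])
        with open(rules, "a") as f:
            f.write("allow any\n")
        dirty = heartbeat(baseline, allow, ["init", "sshd", "nc"], ["/media/usb0"])
    return clean, dirty


if __name__ == "__main__":
    print(demo())
```

Because critical files should never change during normal operation, any digest mismatch is reported without a tolerance window.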
28
Onboard Internet Security Device (OISD) – Strategy
Thales Onboard Internet Security Device effectively implements the US Homeland Security Department’s seven strategies for defending Industrial Control Systems (ICS)
29
Securing Transportation In The Digital And Mobile Environment
Ensuring cybersecurity and the ability to leverage public networks in a secure way is key to digitalization of Transportation. Examples include:
- Remote ATS Terminal – web browser viewing of status information
- Light Client – Use of tablets by maintainers
- Use of WiMAX and LTE as a secondary link to the private wireless network
- Cloud Computing

- Performing regular “security” health checks
- Risk assessment and remediation of existing installed base – if the systems are still secure
- Monitoring, patching of Internet-facing systems
- Deploy cybersecurity monitoring solutions and services
30
Cybersecurity Assurance – Security Operating Conditions
In order to operate the system securely, the following conditions must be followed as per the operating procedures:
- Physical security of CBTC equipment is maintained
- Identity and access management procedures are applied
- Patching management procedures are applied to critical systems (edge devices)
- Monitoring and incident response procedures are established
- Anti-virus signatures are updated regularly
31
Cybersecurity Assurance – Cybersecurity Operating Conditions
OC # | Controls Thales can assist with
5.1.1 | Policies for information security
5.1.2 | Review of the policies for information security
6.1.1 | Information security roles and responsibilities
6.1.2 | Segregation of duties
9.2.5 | Review of user access rights
9.2.6 | Removal or adjustment of access rights
9.3.1 | Use of secret authentication information
16.1.1 | Responsibilities and procedures
16.1.2 | Reporting information security events
16.1.3 | Reporting information security weaknesses
16.1.4 | Assessment of and decision on information security events
16.1.5 | Response to information security incidents
16.1.6 | Learning from information security incidents
16.1.7 | Collection of evidence

Thales can offer the services to provide templates to the client to assist with the development of these controls.

OC # | Control client is responsible for
6.1.3 | Contact with authorities
6.1.4 | Contact with special interest groups
6.1.5 | Information security in project management
7.1.1 | Screening
7.1.2 | Terms and conditions of employment
7.2.1 | Management responsibilities
7.2.2 | Information security awareness, education and training
7.2.3 | Disciplinary process
7.3.1 | Termination or change of employment responsibilities
8.1.2 | Ownership of assets
8.1.3 | Acceptable use of assets
8.2.1 | Classification of information
8.2.2 | Labelling of information
8.2.3 | Handling of assets
11.1.1 | Physical security perimeter
11.1.2 | Physical entry controls
11.1.3 | Securing offices, rooms and facilities
11.1.4 | Protecting against external and environmental threats
11.1.5 | Working in secure areas
11.1.6 | Delivery and loading areas
11.2.1 | Equipment siting and protection
11.2.2 | Supporting utilities
11.2.3 | Cabling security
11.2.4 | Equipment maintenance
11.2.5 | Removal of assets
11.2.6 | Security of equipment and assets off premises
11.2.7 | Secure disposal or reuse of equipment
11.2.8 | Unattended user equipment
11.2.9 | Clear desk and clear screen policy
12.1.2 | Change management
12.1.4 | Separation of development, testing and operational environments
12.7.1 | Information systems audit controls
13.1.2 | Security of network services
13.2.1 | Information transfer policies and procedures
13.2.2 | Agreements on information transfer
13.2.4 | Confidentiality or non-disclosure agreements
14.1.2 | Securing application services on public networks
14.1.3 | Protecting application services transactions
15.1.1 | Information security policy for supplier relationships
15.1.2 | Addressing security within supplier agreements
15.1.3 | Information and communication technology supply chain
15.2.1 | Monitoring and review of supplier services
15.2.2 | Managing changes to supplier services
18.1.1 | Identification of applicable legislation and contractual requirements
18.1.2 | Intellectual property rights
18.1.3 | Protection of records
18.1.4 | Privacy and protection of personally identifiable information
18.1.5 | Regulation of cryptographic controls
32
Challenges and Opportunities – Connectivity and Innovation Needs
It is all about enabling the business.
Supporting the next generation of connectivity and product features
- CBTC new features and innovation depend upon cybersecurity and the ability to leverage public networks in a secure way. Examples include:
  - Remote ATS Terminal – web browser viewing of status information
  - Light Client – Use of tablets by maintainers
  - Use of WiMAX and LTE as a secondary link to the private wireless network
  - Cloud Computing
Supporting Clients’ High Assurance Needs
- Risk assessment and remediation of existing install base – are the systems still secure?
- Providing supporting services – e.g. monitoring, patching of Internet-facing systems
33
Wherever safety and security are critical, Thales delivers
Thank You