Cyber Security in the Rail Sector - An Integrated Approach

Abstract

This paper presents a modelling framework for complex ICS and railway systems that enables an automated analysis of threats. The aim of this framework is to discover and explore complex attack paths through these inter-connected system architectures, making it possible to assess the risk to particular assets, test new strategies for mitigating risks, and supporting asset owners to understand their systems through integrated architecture assessments. Existing frameworks allow system owners to identify maximal strategies to protect their systems against particular attacks, however, they do not allow the asset owner to discover threat propagation and rank threats to their system, or require the system owner to determine the risk probabilities themselves. We employ probabilistic analysis using the CVSS framework, allowing system owners to concentrate on defining their architectures, rather than deriving potentially incorrect values of risk to their system. The results of the tool can be used to provide assurance and prioritise security improvements to a system. We provide an extensive example of our tool in use, modelling the security of the ERTMS Rail Signalling Standards and on-board train systems.

Slides

This paper will be presented at the 13th World Congress on Railway Research (WCRR 2022).

• Slides: wcrr_slides.pdf.
• Interactive Poster: wcrr_poster.pdf

Tools

We have published the SCEPTICS Modelling tool that supports this publication for the research community to use - please visit our GitHub Repository.