Advertisement

The Risk Assessment of ERTMS-Based Railway Systems from a Cyber Security Perspective: Methodology and Lessons Learned

  • Robin Bloomfield
  • Marcus Bendele
  • Peter Bishop
  • Robert Stroud
  • Simon Tonks
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9707)

Abstract

The impact that cyber issues might have on the safety and resilience of railway systems has been studied for more than five years by industry specialists and government agencies. This paper presents some of the work done by Adelard in this area, ranging from an analysis of potential vulnerabilities in the ERTMS specifications through to a high-level cyber security risk assessment of a national ERTMS implementation and detailed analysis of particular ERTMS systems on behalf of the GB rail industry. The focus of the paper is on our overall methodology for security-informed safety and hazard analysis. Lessons learned will be presented but of course our detailed results remain proprietary or sensitive and cannot be published.

Keywords

Security assessment Safety-critical systems Security-informed safety ERTMS Railway signaling systems 

Notes

Acknowledgements

We are grateful to our sponsors for their permission to publish this summary of our work over the last five years. We would also like to acknowledge the contribution of Richard Bloomfield and Ilir Gashi to our initial analysis of the ERTMS specifications.

References

  1. 1.
    Bloomfield, R., Bloomfield, R., Gashi, I., Stroud, R.: How secure is ERTMS? In: Ortmeier, F., Daniel, P. (eds.) SAFECOMP Workshops 2012. LNCS, vol. 7613, pp. 247–258. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Network Rail, Strategic Business plan for 2014/2019, January 2013Google Scholar
  3. 3.
    Wikipedia, Eschede train disaster. http://en.wikipedia.org/wiki/Eschede_train_disaster
  4. 4.
    Wikipedia, Amagasaki rail crash. http://en.wikipedia.org/wiki/Amagasaki_rail_crash
  5. 5.
    Wikipedia, Santiago de Compostela derailment. http://en.wikipedia.org/wiki/Santiago_de_Compostela_derailment
  6. 6.
  7. 7.
    SESAMO – Security and Safety Modelling, ARTEMIS Embedded Computing Systems Initiative 2011, Project Number 295354, May 2012Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Robin Bloomfield
    • 1
  • Marcus Bendele
    • 1
  • Peter Bishop
    • 1
  • Robert Stroud
    • 1
  • Simon Tonks
    • 2
  1. 1.Adelard LLPLondonUK
  2. 2.Porterbrook Leasing CompanyDerbyUK

Personalised recommendations