A Security Architecture for Railway Signalling
We present the proposed security architecture Deutsche Bahn plans to deploy to protect its trackside safety-critical signalling system against cyber-attacks. We first present the existing reference interlocking system that is built using standard components. Next, we present a taxonomy to help model the attack vectors relevant for the railway environment. Building upon this, we present the proposed “compartmentalized” defence concept for securing the upcoming signalling systems.
Research supported in part by EC CIPSEC GA 700378.
- 1.CENELEC: EN 50126: Railway applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) (1999)Google Scholar
- 2.DKE: Elektrische Bahn-Signalanlagen - Teil 104: Leitfaden für die IT-Sicherheit auf Grundlage der IEC 62443 (DIN VDE V 0831-104) (2014)Google Scholar
- 3.DKE: Electric signalling systems for railways - Part 200: Safe transmission protocol according to DIN EN 50159 (DIN VDE V 0831-200) (2015)Google Scholar
- 5.Howard, J.D., Longstaff, T.A.: A common language for computer security incidents. Technical report SAND98-8667, Sandia Natl Lab, (1998). doi: 10.2172/751004
- 6.Intl. Electrotechnical Commission: IEC 62443 Industrial communication networks - Network and system security. IEC 62443, November 2010Google Scholar
- 8.Simmons, C., Shiva, S., Bedi, H., Dasgupta, D.: Avoidit: A cyber attack taxonomy. In: Annual Symposium on Information Assurance, pp. 2–12 (2014)Google Scholar
- 9.Weber, D.J.: A taxonomy of computer intrusions. Ph.D. thesis, MIT (1998)Google Scholar