Challenges in Securing Railway Signalling CyberSecurity4Rail Conference DB Netz AG Christian Schlehuber I.NPS 5 Brüssel

Size: px

Start display at page:

Download "Challenges in Securing Railway Signalling CyberSecurity4Rail Conference DB Netz AG Christian Schlehuber I.NPS 5 Brüssel"

Janel Stokes
6 years ago
Views:

1 Challenges in Securing Railway Signalling CyberSecurity4Rail Conference 2017 DB Netz AG Christian Schlehuber I.NPS 5 Brüssel

2 Agenda Introduction New Features New Threats Domain-specific challenges 4. Security for Safety & Lessons learned 5. Conclusion 2 DB Netz AG Christian Schlehuber I.NPS

Introduction Railway (in Germany) Biggest business premises in Germany with public access 5,700 Stations (in Germany) as gate to railway transportation 33,500 km

3,300 interlockings 1,323 electronic interlockings (ESTW) Main Objective: Safe railway operation Strong regulations of technical installations (according Safety)

3 Introduction Railway (in Germany) Biggest business premises in Germany with public access 5,700 Stations (in Germany) as gate to railway transportation 33,500 km rail network 48,800 heated railway switches (of 70,000 total) Approx. 3,300 interlockings 1,323 electronic interlockings (ESTW) Main Objective: Safe railway operation Strong regulations of technical installations (according Safety) EN (Reliability, Availability, Maintainability, Safety RAMS) EN (Software for safety systems) EN (Communication) Etc. National Safety Authority has to grant admission for every interlocking 3 DB Netz AG Christian Schlehuber I.NPS

Motivation Railway transport significantly contributes to our society s mobility and economy Railway is considered as Critical Infrastructure in many countries (including Germany) and the European

4 Motivation Railway transport significantly contributes to our society s mobility and economy Railway is considered as Critical Infrastructure in many countries (including Germany) and the European Union In Germany TEN-T Corridors categorized as critical Failures would result in disruption of public safety and security as well as supply shortages 4 DB Netz AG Christian Schlehuber I.NPS

5 New Features ESTW-NeuPro (DSTW) eulynx 5 DB Netz AG Christian Schlehuber I.NPS

6 New Threats ESTW-NeuPro (DSTW) eulynx 6 DB Netz AG Christian Schlehuber I.NPS

Current Architecture Design Operating Center Security

7 Current Architecture Design Operating Center Security Center Central PKI Diagnosis SDI-DS admin Crypto Network Monitoring WAN Neighbor Tech.Center Technology Center ETCS Interlocking System Aux. Systems (Doc.) LST-LAN Interlocking System RBC LAN Field Element Area Field Element Area 7 DB Netz AG Christian Schlehuber I.NPS

safety) Loss of admission o/w Laws and Regulations Directive on Network and

8 Domain Specific Requirements Homologation (admission) through National Safety Authority Takes months or years Freedom of interference (between security and safety) Loss of admission o/w Laws and Regulations Directive on Network and Information Security (NIS) German IT Security Act 8 DB Netz AG Christian Schlehuber I.NPS

9 Domain Specific Requirements Standards Source: IEC Draft Guide 120 Edition 1 Safety EN EN EN EN Security IEC DB Netz AG Christian Schlehuber I.NPS

10 Security for Safety Shell Concept 10 DB Netz AG Christian Schlehuber I.NPS

11 Required Security Applications Authentication and key exchange Reaction to critical events Secure asset and configuration management Safety Data logging and aggregation Physical access detection Data filtering 11 DB Netz AG Christian Schlehuber I.NPS

12 Security-Applied Design Operating Center Security Center AD AAA SIEM SIEM NTP NTP DNS Central PKI DNS PKI Crypto Diagnosis SDI-DS Network Monitoring admin WAN Neighbor Tech. Center Technology Center ETCS ESTW-ZE Interlocking System Aux. Systems (Doc.) NG-FW(ALG) MDM RBC Field Element Area WAN Field Element Area FeAk Housing Alerts Object Controller FeAk Housing Alerts Object Controller FeAk Housing Alerts Object Controller FeAk Housing Alerts Object Controller 12 DB Netz AG Christian Schlehuber I.NPS

13 (Remaining) Challenges Vulnerability Analysis and recommendations Is knowledge about the systems available? Can the Recommendations be implemented? Preventive Vulnerability Scanning Is my system capable of a scan? Penetration Testing May the test result in outages? Staff Training and Awareness Is our staff capable to understand cyber security? Forensic Analysis Analysis vs. Fast Recovery 13 DB Netz AG Christian Schlehuber I.NPS

14 Lessons Learned: Shell is not the end of the road Safety and Security Departments worked parallel with minimum interaction Safety and Security performed own analyses, estimated impacts and derived requirements The result works, but it was discovered, that duplicate work was done Current ongoing investigations on how much the new Security process can be integrated in our wellestablished Safety process Vulnerability vs. Hazard Safety Requirements vs. Security Requirements 14 DB Netz AG Christian Schlehuber I.NPS

15 Lessons Learned System Definition, phase 2 System exploits IT-Security Threats Tolerable Hazard Rate THR (Design Targets) Design Targets (DT) by legal framework causes Hazards Risk Analysis Safety, phase 3 Reliability Risk Analysis Availability Maintainability influences Vulnerability increase of Security Level (SL) (IEC 62443) reduces map to FR1 FR2 FR3 FR4 FR5 FR6 FR7 Foundational Requirements System Requirements, phase 4 part of Resulting SIL on system level Final breakdown of independent safety functions and TFFR / SIL allocation per function, phase 5 System, phase 6 EN EN EN EN International Standards IEC ff IEC ff EN DB Netz AG Christian Schlehuber I.NPS

16 Thank you for your attention

Development of a new security architecture for signalling at DB Netz AG Intelligent Rail Summit 2017

Development of a new security architecture for signalling at DB Netz AG Intelligent Rail Summit 2017 DB Netz AG Christian Schlehuber I.NPS 5 Vienna 2017-11-29 Agenda 1. 2. 3. Introduction New Features