Development of a new security architecture for signalling at DB Netz AG Intelligent Rail Summit 2017

Size: px

Start display at page:

Download "Development of a new security architecture for signalling at DB Netz AG Intelligent Rail Summit 2017"

Poppy Henderson
6 years ago
Views:

1 Development of a new security architecture for signalling at DB Netz AG Intelligent Rail Summit 2017 DB Netz AG Christian Schlehuber I.NPS 5 Vienna

2 Agenda Introduction New Features New Threats Domain-specific challenges 4. Security for Safety 2 DB Netz AG Christian Schlehuber I.NPS

Introduction Railway (in Germany) Biggest business premises in Germany with public access 5,700 Stations (in Germany) as gate to railway transportation 33,500 km

3,300 interlockings 1,323 electronic interlockings (ESTW) Main Objective: Safe railway operation Strong regulations of technical installations (according Safety)

3 Introduction Railway (in Germany) Biggest business premises in Germany with public access 5,700 Stations (in Germany) as gate to railway transportation 33,500 km rail network 48,800 heated railway switches (of 70,000 total) Approx. 3,300 interlockings 1,323 electronic interlockings (ESTW) Main Objective: Safe railway operation Strong regulations of technical installations (according Safety) EN (Reliability, Availability, Maintainability, Safety RAMS) EN (Software for safety systems) EN (Communication) Etc. National Safety Authority has to grant admission for every interlocking 3 DB Netz AG Christian Schlehuber I.NPS

Motivation Railway transport significantly contributes to our society s mobility and economy Railway is considered as Critical Infrastructure in many countries (including Germany) and the European

4 Motivation Railway transport significantly contributes to our society s mobility and economy Railway is considered as Critical Infrastructure in many countries (including Germany) and the European Union In Germany TEN-T Corridors categorized as critical Failures would result in disruption of public safety and security as well as supply shortages 4 DB Netz AG Christian Schlehuber I.NPS

5 New Features ESTW-NeuPro (DSTW) eulynx 5 DB Netz AG Christian Schlehuber I.NPS

6 New Threats ESTW-NeuPro (DSTW) eulynx 6 DB Netz AG Christian Schlehuber I.NPS

7 Current Architecture Design 7 DB Netz AG Christian Schlehuber I.NPS

8 Domain Specific Requirements Homologation (admission) through National Safety Authority Takes months or years Freedom of interference (between security and safety) Loss of admission o/w Laws and Regulations Directive on Network and Information Security (NIS) German IT Security Act Strong requirements for low latency for networks Only 50ms for complete communication Loss of availability < 5 ms for security operations 8 DB Netz AG Christian Schlehuber I.NPS

EN 50128 EN 50129 EN 50159 Security IEC 62443 9

9 Domain Specific Requirements Standards Source: IEC Draft Guide 120 Edition 1 Safety EN EN EN EN Security IEC DB Netz AG Christian Schlehuber I.NPS

Security for Safety: Developing a System Design Zone: Aggregation of logical or physical assets Have a common security level A zone can be clearly outlined, is consistent and requirements apply for

10 Security for Safety: Developing a System Design Zone: Aggregation of logical or physical assets Have a common security level A zone can be clearly outlined, is consistent and requirements apply for the whole zone Conduit: Logical grouping of communication channels If a conduit connects zones with different IT-Security Requirements, the conduit has to provide security measures for this connection 10 DB Netz AG Christian Schlehuber I.NPS

11 Security for Safety: Required Security Applications 11 DB Netz AG Christian Schlehuber I.NPS

12 Security for Safety: Shell Concept 12 DB Netz AG Christian Schlehuber I.NPS

bandwidth Security Uncouple from safety homologation Change in short intervals (days)

13 Security for Safety: Merits of the Security Shell Safety Maintain safety functionality Change in long intervals (decades) Distinguish safety incidents Interface KPI/QoS: latency, bandwidth Security Uncouple from safety homologation Change in short intervals (days) Distinguish security incidents Catch security attacks 13 DB Netz AG Christian Schlehuber I.NPS

14 Security for Safety: Security-Applied Design 14 DB Netz AG Christian Schlehuber I.NPS

15 Security for Safety: (Remaining) Challenges Vulnerability Analysis and recommendations Is knowledge about the systems available? Can the Recommendations be implemented? Preventive Vulnerability Scanning Is my system capable of a scan? Penetration Testing May the test result in outages? Staff Training and Awareness Is our staff capable to understand cyber security? Forensic Analysis Analysis vs. Fast Recovery Topics currently addressed in European research projects 15 DB Netz AG Christian Schlehuber I.NPS

16 Thank you for your attention M.Sc. Christian Schlehuber Team Leader / Expert CyberSecurity operational ITK DB Netz AG I.NPS 5 Mainzer Landstraße Frankfurt am Main Telefon: christian.schlehuber@deutschebahn.com

Challenges in Securing Railway Signalling CyberSecurity4Rail Conference DB Netz AG Christian Schlehuber I.NPS 5 Brüssel

Challenges in Securing Railway Signalling CyberSecurity4Rail Conference 2017 DB Netz AG Christian Schlehuber I.NPS 5 Brüssel 2017-10-04 Agenda 1. 2. 3. Introduction New Features New Threats Domain-specific