Cybersecurity and Communications Based Train Control

RAHEEL QURESHI, CYBERSECURITY AUTHORITY, URBAN RAIL SIGNALLING (URS)

www.thalesgroup.com OPEN

© 2016 Thales Canada, Transportation Solutions. All rights reserved. Passing on or copying of this document, use or communication of its content in whole or in part is not permitted without Thales’ express prior written authorization.



This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales. Thales 2015. All rights reserved.

Presentation Agenda

Overview of the Cybersecurity Threat Landscape

Enabling “secure by design” principles

Meeting challenges in a digital and mobile communication environment



The Cybersecurity Landscape – Cyberattacks on the Rise

The attacks are getting bigger

Figure: timeline of the world's biggest data breaches and hacks (axis labels 2004, 2010, 2015). Source: www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/


How About Cyberattacks against Signalling Networks?

▌ The “Tip of the Iceberg”:

January 2008: a teenager hacked into a Polish tram system using an adapted television remote control, derailing four vehicles as a prank. 12 people were injured in one such derailment. The boy had trespassed at tram depots to gather information and equipment.

- http://www.telegraph.co.uk/news/worldnews/1575293/Schoolboy-hacks-into-citys-tram-system.html

December 2011: a Pacific Northwest transportation entity reported that hackers remotely attacked computers from three IPs, disrupting railway signals for two days.

- http://www.wired.com/2012/01/railyway-hack/

July 2012: At DefCon, MIT researchers presented a series of steps against wireless access points and antennas that yielded the theft of invalid certificates and Siemens login credentials. The team also cloned RFID badges of transportation staff.

- http://www.computerworld.com/article/2597509/cybercrime-hacking/def-con--how-to-hack-all-the-transport-networks-of-a-country.html

May 2015: System passwords attached on top of a station controller’s monitor at one of London’s busiest railway stations were exposed to TV viewers during a BBC documentary broadcast.

- http://www.theregister.co.uk/2015/05/01/london_rail_station_exposes_signal_system_passwords/

October 2015: North Korea is suspected of hacking into a Seoul subway operator in 2014 for several months. Over 210 terminals of control centre and power supplier employees were infected with 58 instances of malware.

- http://timesofindia.indiatimes.com/world/rest-of-world/Pyongyang-suspected-of-hacking-Seouls-subway-operator/articleshow/49227025.cms

Many instances involve software/hardware updates being shipped out by suppliers with malware embedded


But I have a Firewall!


Cybersecurity Drivers – What does it mean to the CBTC?

▌ Security Objectives: Integrity, Confidentiality, Availability

▌ Safety: protection against EN 50159 threats: Repetition, Masquerading, etc.

▌ Prevent impact to operations, from localized virus infection to complete shutdown (e.g. self-propagating worm, full hacking compromise)

▌ Protect Thales and customer reputation and public trust
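The two EN 50159 threats named on this slide, repetition and masquerading, are countered at the receiver by checks of the following kind. This is an added example, not Thales code: the frame layout, key, identifiers, freshness window and the choice of HMAC-SHA256 as the cryptographic technique are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values: key, identifiers and limits are illustrative only.
KEY = b"constructed-demo-key-not-for-use"
MAX_AGE_MS = 500                    # assumed freshness window
HEADER = struct.Struct(">HHIQ")     # src id, dst id, sequence number, timestamp (ms)
TAG_LEN = 32                        # HMAC-SHA256 output size


def seal(src, dst, seq, ts_ms, payload, key=KEY):
    """Build header | payload | tag, with the tag covering header and payload."""
    body = HEADER.pack(src, dst, seq, ts_ms) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts frames from one expected peer and tracks the last sequence number."""

    def __init__(self, my_id, peer_id, key=KEY):
        self.my_id, self.peer_id, self.key = my_id, peer_id, key
        self.last_seq = -1

    def check(self, frame, now_ms):
        if len(frame) < HEADER.size + TAG_LEN:
            return "reject: truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Verify the tag first so no unauthenticated field is trusted.
        if not hmac.compare_digest(tag, expected):
            return "reject: masquerade or corruption"
        src, dst, seq, ts_ms = HEADER.unpack(body[:HEADER.size])
        if (src, dst) != (self.peer_id, self.my_id):
            return "reject: wrong source or destination"
        # A replayed or reordered frame carries a sequence number already seen.
        if seq <= self.last_seq:
            return "reject: repetition or resequencing"
        if not 0 <= now_ms - ts_ms <= MAX_AGE_MS:
            return "reject: delayed"
        self.last_seq = seq
        return "accept"
```

A replayed frame still carries a valid tag, so the sequence check is what stops repetition; the tag is what stops a sender without the key.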


▌ Functional Requirements Driving Cybersecurity Needs

o Use of open wireless networks instead of closed WiFi (LTE or WiMAX) - LTE and WiMAX native security is not enough to protect safety-critical systems
  - Auxiliary functions where there is no coverage to the CBTC WiFi network
  - Fallback functions – use a redundant fallback link to the WiFi network
  - Primary link replacing the WiFi network – China mandates the use of LTE

o View only from Untrusted Networks (remote ATS consoles)
  - Dedicated workstation in the Client Data Network (CDN) that needs to VPN to the CBTC
  - Mobile ATS terminals (e.g. Light Client for maintainer) that connect to the DCS via a public radio network (Internet) with secure command capabilities
  - Read-only web-based Remote ATS terminals and Universal terminals that reside on a public network

o ATS Interfaces to External Systems in Untrusted Networks (SCADA, Passenger Information System, Master Clock)

We Are No Longer Confined to the 4 Walls!


Secure By Design – Cybersecurity Solution

▌ Secure Gateway (SG) – Provides secure application-level filtering for interfacing with external systems such as SCADA and PIS.

▌ Security Information and Event Management Solution (SIEM) – Provides logging and monitoring services and multi-layer threat detection and prevention (cyberattacks, malware). A searchable central log repository with alerting capabilities to the NMS.

▌ Onboard Internet Security Device (OISD) – Additional SD (Encryption) functions such as multi-layer firewall, host intrusion detection and prevention, and remote logging to protect against public wireless networks.


Adopting Industry Standards – Control Frameworks

▌ Establishing a Cybersecurity Assurance Process
o Adopting a Cybersecurity Standards Framework
o Embedding Cybersecurity in the Development Lifecycle

▌ Secure by Design
o Establishing Design Standards and Principles
o Creating Building Blocks and Deployment Patterns

Figure: Control Framework mapping between the NIST view (NIST 800-53 r4 Controls and Control Enhancements) and the IEC view (IEC 62433-3-3, IEC 62433-2-2), with panels for Technical Security Controls, Thales Engineering Product and Non-technical Security Controls.


Embedding cybersecurity in the development lifecycle

Figure: Development Lifecycle (Definition & Decomposition; Integration & Verification)

Orient, Design, Develop, Integrate and Verify, Validate

SOR SSR SFR PDR CDR TRR TQR TRR FQR

o CBTC Cybersecurity Policy and Process
o Cybersecurity Management Plan
o Cybersecurity Requirement Gap Analysis
o Cybersecurity Architecture and Design
o Cybersecurity Risk Assessment
o Configure and Unit Test Cybersecurity Comp
o Penetration Testing (FAT)
o Cybersecurity Configuration Verification (SAT)
o Cybersecurity Operations Procedure


Secure By Design – Cybersecurity Design Principles

▌ The following cybersecurity design principles are applied to the development of CBTC cybersecurity controls:

o Defense in Depth – Multiple layers of defense are applied. Even if a layer of defense is breached, e.g. due to a zero-day vulnerability, the system will be resilient and prevent a cybersecurity breach.

o Incorporate Preventive, Detective, and Recovery Controls – To succeed in addressing today’s sophisticated cybersecurity attacks, the security solution must incorporate strong preventive mechanisms but also the ability to detect and quickly recover from cybersecurity attacks without affecting safety and system availability.

o Design Patterns – Use of proven design patterns and protocols when available. CBTC will leverage tools and techniques that are de facto industry standards.

o Risk-based Approach – Subsystem requirements and design trade-offs are based on cost-benefit analysis from threat and risk assessments.


Meeting challenges in a digital and mobile communication environment

Securing CBTC in the digital and mobile communication environment

▌ Ensuring that cybersecurity, and the ability to leverage public networks in a secured way, is embedded in the CBTC. Examples include:

o Remote ATS Terminal – web browser viewing of status information
o Light Client – use of tablets by maintainers
o Use of WiMAX and LTE as a secondary link to the private wireless network
o Cloud Computing

▌ Providing regular “security” health checks

o Risk assessment and remediation of existing install base – are the systems still secure?
o Monitoring and patching of Internet-facing systems

▌ Providing cybersecurity monitoring solutions and services


Thank you!

Questions?