Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail...

21
Security of Critical Rail Infrastructures: UIC contributions Grigore M. Havârneanu, PhD Research Advisor Fundamental Values Department Security Division UNECE Workshop on Critical Transport Infrastructure and Cyber Security Geneva, 6 September 2016

Transcript of Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail...

Page 1: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Security of Critical Rail Infrastructures: UIC contributions Grigore M. Havârneanu, PhD Research Advisor Fundamental Values Department – Security Division UNECE Workshop on Critical Transport Infrastructure and Cyber Security Geneva, 6 September 2016

Page 2: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Overview

> Security – a fundamental value of the railways

> Security at UIC working groups

publications

projects

future events

> The way forward

2 UIC | Security Division | Grigore M. Havârneanu, PhD

Page 3: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Why security? Because the time of carefree attitude has finished!

UIC | Security Division | Grigore M. Havârneanu, PhD

Passengers

Freight

Rail systems

Conventional rails

High-Speed rails

Commuter lines

Stations & hubs

Services

Operations

Wagons

Dangerous goods

Global corridors

Rolling stock

Assets

Signalling

Telecommunications

3

Page 4: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

4 UIC | Security Division | Grigore M. Havârneanu, PhD

Security threats and risks for railways...

Derailment Freight Theft

Labor Dispute Metal Theft

Sabotage Accidents

Pandemic

Power Blackout Cyber Attacks

Begging

Property Damage

Migration

Extreme Weather

Violence

Pickpocketing

Terrorism Graffiti

Harassment

Ticket Fraud

Trespassing

Ben Lack Photography Ltd

Immigration and Customs Enforcement

Suicide

Mass Events

Media Reports

Page 5: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Operational impact

Operational performance, delay minutes and cancellations /

significantly delayed services

Availability of equipment and resources

...

Financial impact

Direct cost from loss of infrastructure and rolling stock components

Compensations paid to train / freight operating companies

Revenue loss due to loss of customers etc.

...

Reputation impact

Media and public will look for errors, misjudgement

Customers and business partners’ confidence in how the railway is

run and what is being done to secure the railways

...

5 UIC | Security Division | Grigore M. Havârneanu, PhD

… may lead to unwelcome effects

Page 6: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Security at UIC

UIC | Security Division | Grigore M. Havârneanu, PhD

Sustainable Development

Research Safety Security Expertise

Development

> Fundamental Values Department

6

Page 7: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Sustainable Development

Research Safety Security Expertise

Development

> Global Security Platform and Steering Committee

Human Factors Technology Procedures Border crossing Metal theft

Security at UIC

UIC | Security Division | Grigore M. Havârneanu, PhD 7

Page 8: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Leaflets, brochures, practical

guides & handbooks

- from the WGs

- on particular topics

UIC Security Division Publications

UIC | Security Division | Grigore M. Havârneanu, PhD 8

Page 9: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Scientific publications

UIC Security Division Publications

UIC | Security Division | Grigore M. Havârneanu, PhD 9

Page 10: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

10

Protection of railway infrastructure against

electromagnetic attacks - www.secret-project.eu

Past EU research projects

UIC | Security Division | Grigore M. Havârneanu, PhD

Starting date : 01 August 2012 for 36 Months

Budget : 4,268 M€ (including 3,059 M€ funding by EU)

Coordinator: IFSTTAR (France)

Partners: 10 Partners from 5 countries

Page 11: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

11

Past EU research projects

• Added value: Provision of

recommendations to better protect rail

communication and signalling system

against electromagnetic attacks

• White paper: Key lessons learned

UIC | Security Division | Grigore M. Havârneanu, PhD

Protection of railway infrastructure against

electromagnetic attacks - www.secret-project.eu

Page 12: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

12

Critical Infrastructure Preparedness and

Resilience Research Network - www.ciprnet.eu

Ongoing EU research projects

Starting date: 01 March 2013 for 48 months

Coordinator: Fraunhofer IAIS

Partners: 11 partners from 8 countries: 10 R&D partners and UIC

as end-user representative

UIC | Security Division | Grigore M. Havârneanu, PhD

Page 13: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

13

Critical Infrastructure Preparedness and

Resilience Research Network - www.ciprnet.eu

Ongoing EU research projects

• Added value: common

security culture among CI

operators and authorities

• CIPedia©: A “Wikipedia” of

CIP & CIR www.cipedia.eu

• Capability forming services

UIC | Security Division | Grigore M. Havârneanu, PhD

Page 14: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Cybersecurity in the RAILway sector

Starting EU research projects

14 UIC | Security Division | Grigore M. Havârneanu, PhD

Topic: SR2-OC-IP2-01-2015 – Threat detection and profile protection

definition for cyber-security assessment

> Estimated starting date: 01/10/2016 for 2 years

> Consortium led by Evoleo with EUSKOIKER, FORTISS, UIC,

Cassidian Cybersecurity, ATSEC

Page 15: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Starting EU research projects

15 UIC | Security Division | Grigore M. Havârneanu, PhD

Objectives :

> deliver tailored specifications and recommendations for secure

modern rail systems design and operation,

> create innovation by bringing existing intelligent and secure

techniques from other domains into the railway context,

> research improved detection techniques in different operational

scenarios

Cybersecurity in the RAILway sector

Page 16: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Strategic aim:

How to avoid at the “railway level” the consequences coming from

threats (cyber attacks…) on operational signaling networks?

• Availability (network fall down)

• Security (intrusion) and Safety (malware)

• Security management during all the life of the network

Results :

UIC will publish in 2016 a specific IRS (International Railway Standard)

with requirements for:

• Functional level: data coherence, detection system...

• System organisation and architecture: Security and safety

management system, skill, education, authorizations…

Project within UIC rail system department: ARGUS

UIC | Security Division | Grigore M. Havârneanu, PhD 16

Page 17: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

Workshops and Seminars

World Congress on Railway

Security (every year since 2000)

UIC Security Division Events

UIC | Security Division | Grigore M. Havârneanu, PhD 17

Page 18: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

18 UIC | Security Division | Grigore M. Havârneanu, PhD

Next events

Main topic: Security of stations

Organized by: Security Division + Station

Managers Global Group (SMGG)

With local support from the Finnish Transport

Agency (FTA)

Save the date and call for papers launched on 5

September.

Expected topics:

- Legal aspects

- Technologies (e.g. detection of weapons and

explosives)

- Human Factors (e.g. management of crowds)

Page 19: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

19 UIC | Security Division | Grigore M. Havârneanu, PhD

Next events

Early bird registrations until: 10 September 2016

Keynote speeches on hot topics of the moment

30 papers to be published by Springer

Topics:

Innovative responses for the protection of cyber-

physical systems

Policies, best practices and lessons learned

Advances in Human Factors, decision support,

and cross-sector CI(I)P approaches

Young CRITIS and CIPRNet Young CRITIS

Award (CYCA)

http://critis2016.org

Page 20: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

20 UIC | Security Division | Grigore M. Havârneanu, PhD

The way forward

PAST: Never again

Learn from past experiences

Feedback loop

PRESENT: Crisis management

Coherent policy for system resilience

Mitigation of consequences (especially

for CI)

FUTURE: Anticipate

Think ahead

New threats

Page 21: Security of Critical Rail Infrastructures: UIC contributions...Security of Critical Rail Infrastructures: UIC contributions ... Revenue loss due to loss of customers etc. ... Reputation

21 UIC | Security Division | Grigore M. Havârneanu, PhD

UIC website (Security activity): http://www.uic.org/security

Security private workspace: http://extranet.uic.org (Around 1000 documents available)

Contact: [email protected]

Thank you for your kind attention!