As transport systems become increasingly connected, rail safety takes on an added dimension. Knorr-Bremse is developing digital solutions to meet the new challenges in cyberspace.
The original article was first published as a guest contribution in the magazine "Der Nahverkehr" (issue 12/2021).
A firmware update, which in reality was not a firmware update at all, was all the two security experts needed to access the CAN bus via the entertainment system’s internet connection. From there, they could operate every one of the vehicle’s electronically controlled components via the cell phone network – for example, to make the Jeep Grand Cherokee perform an emergency stop in the middle of the motorway. The 2015 stunt served as a wake-up call for the mobility industry. It showed that cyberattacks on vehicles are not just a theoretical possibility, but also a real-world threat. The same applies to rail vehicles.
The degree of rail vehicle connectivity has risen tremendously, especially in recent years. Fleet operators rely on digitalization to deliver attractive and intelligent transport solutions. It is crucial in enabling condition-based maintenance of train doors, for example, or (driver) assistance systems that will make automated train operation (ATO) possible in the future. Embedded in digital business models, rail vehicles along with their subsystems can already be described as computers on wheels. Communication takes place via ethernet, data is stored in the cloud. At the same time, connectivity is on the rise and fleets that were previously operated offline are now permanently online.
The concrete threat scenario: via cyber attacks hackers could try to paralyze entire vehicle fleets from afar. The economic damage of the ensuing costs, such as production downtimes due to late supply deliveries, train cancellations and costly repairs, would be high. This makes the continued reliance on standard technology all the more surprising. As the initial example shows, merely protecting the outer edges of networks is no longer sufficient. Rather, an effective cybersecurity architecture must encompass every component of the system. Cybersecurity has thus become a strategic discipline.
At Knorr-Bremse, all the strands come together at a dedicated Center of Competence for Cybersecurity, organizationally integrated within the subsidiary Selectron in Switzerland. The Knorr-Bremse company primarily develops and produces Train Control & Management Systems (TCMS), which control numerous vehicle subsystems, from braking to HVAC and boarding systems.
The key term in cybersecurity strategy is Product Cybersecurity Architecture. It denotes a new cybersecurity architecture that includes every Knorr-Bremse subsystem and its components. The standard series 62443 issued by the International Electrotechnical Commission (IEC) and the technical specification TS 50701, which will be adopted in May 2021, form a solid basis for an integrated defense-in-depth concept. This is all about combining complementary protective measures on the premise that each of them could be cracked on its own, but together they offer the best possible protection.
One such measure is the Threat Detection Solution (TDS), an innovative concept for detecting and defending against attacks by hackers. It transfers the logic of Intrusion Detection Systems (IDS) from the IT and automotive sectors to the world of rail vehicles. Acting as an early warning system, it detects anomalies in data traffic long before criminals can inflict damage and reports them to the Rail Security Operations Center at Selectron. In accordance with the Trusted Platform Modules standard (TPM 2.0), security chips check the identity and integrity of control software using a kind of fingerprint. Firmly built into the hardware of the local computer, the chips immediately detect any falsification or tampering.
Looking to the future, new devices will also be issued with a kind of digital, forgery-proof ID in the form of a security certificate. Knorr-Bremse has set up its own public key infrastructure (PKI) for handling these certificates. This cloud-based service automates the task of securely managing the digital security certificates. The PKI has been in operation since the beginning of 2021 and is currently being used for tamper-proof digital software signatures and for developing secure device startup processes.
Merely protecting the outer edges of networks is no longer sufficient. Rather, an effective cybersecurity architecture must encompass every component of the system.
Paolo Fanuli – Head of the Center of Competence for Cybersecurity Rail at Selectron, a subsidiary of Knorr-Bremse AG
Above all, this requires close coordination: clearly, the development departments must be involved in planning such measures from an early stage – always with an eye on the digital future of rail transport. At this point, we come full circle to the Product Cybersecurity Architecture. After all, the measures are intended to cover the entire life cycle of the product, which in the case of rail vehicles can be several decades long. It is virtually impossible to retrofit certified vehicles that have been approved for each individual country.
The increased threat situation is not the only reason why rapid progress is needed in the field of cybersecurity for rail transport. Policy-makers are also responding. The EU Network and Information Safety Directive (NIS) has already been ratified as part of the EU’s cybersecurity strategy. Now the ball is in the court of the EU member states to translate the directive into national IT security legislation. And in the next few years, binding IT security standards (E50/E155) will come into force for the approval of trains.
As is so often the case, vehicle manufacturers, operators and system manufacturers must all pull together. This is complex and sometimes challenging, but the potential for automation and digitalization in the industry is huge. And progress in these areas is certainly a crucial prerequisite for the shift from road to rail.
As automation and digitalization become more prevalent, the threat posed by cyberattacks on rail transport intensifies. At the same time, politicians are tightening the legal requirements. Knorr-Bremse is shaping the trend towards even greater security in the digital domain – and has upgraded cybersecurity to a strategic discipline. A dedicated Center of Competence for Cybersecurity is rolling out the integrated defense-in-depth concept across the entire product and system portfolio. This involves a combination of complementary protection measures, from early warning systems to security chips to cloud-based public key infrastructures, all working in concert to provide the best possible protection. And by maintaining a view of the rail vehicle over its entire lifecycle, it lays more of the groundwork for the modal shifts from road to rail and the future of secure rail transport.