Challenges in Securing Railway Signalling CyberSecurity4Rail Conference ... · Für externe...
-
Upload
truongkhuong -
Category
Documents
-
view
224 -
download
0
Transcript of Challenges in Securing Railway Signalling CyberSecurity4Rail Conference ... · Für externe...
Für externe Präsentationen bitte immer eine Titelfolie mit der Ressort-Farbe verwenden.
Challenges in Securing Railway SignallingCyberSecurity4Rail Conference 2017
DB Netz AG | Christian Schlehuber | I.NPS 5 | Brüssel | 2017-10-04
Agenda
DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-042
1.
2.
3.
Introduction
New Features – New Threats
Domain-specific challenges
4. Security for Safety & Lessons learned
5. Conclusion
Biggest business premises in Germany – with public access• 5,700 Stations (in Germany) as gate to railway transportation• 33,500 km rail network• 48,800 heated railway switches (of 70,000 total)
• Approx. 3,300 interlockings• 1,323 electronic interlockings (ESTW)
Main Objective: Safe railway operation
Strong regulations of technical installations (according Safety)• EN 50126 (Reliability, Availability, Maintainability, Safety –
RAMS)• EN 50128 (Software for safety systems)• EN 50159 (Communication)• Etc.
National Safety Authority has to grant admission for every interlocking
IntroductionRailway (in Germany)
3 DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Motivation
• Railway transport significantly contributes to our society’s mobility and economy
• Railway is considered as Critical Infrastructure in many countries (including Germany) and the European Union
• In Germany TEN-T Corridors categorized as critical
• Failures would result in disruption of public safety and security as well as supply shortages
4 DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
New Features
5
ESTW-NeuPro (DSTW) euLynX
DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
New Threats
6
ESTW-NeuPro (DSTW) euLynX
DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Current Architecture Design
Interlocking System
Technology Center
Field Element Area
ETCSNeighbor Tech.Center
Central PKI
Security Center
Crypto Network Monitoring
Diagnosis SDI-DS admin
Operating Center
RBC
Field Element Area
Interlocking System
Aux. Systems
(Doc.) LST-LAN
LAN
WAN
7 DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Domain Specific Requirements
8
Homologation (admission) through
National Safety Authority
Freedom of interference
(between security and safety)
Laws and Regulations
• Directive on Network and Information Security (NIS)
• German IT Security Act
Takes months or years
Loss of admission o/w
DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Domain Specific Requirements – Standards
9
Source: IEC Draft Guide 120 Edition 1
EN 50126
EN 50128
EN 50129
EN 50159
Safety Security
IEC 62443
DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Security for Safety – Shell Concept
10 DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Required Security Applications
11
Safety
Authentication and key
exchange
Secure asset and
configuration management
Physical access
detection
Data filtering
Data logging and
aggregation
Reaction to critical events
DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Security-Applied Design
12
ESTW-ZE
MDM
Technology Center ETCS
WAN
Central PKI
Security Center
SIEM
AD
AAA
Network Monitoring
Diagnosis SDI-DS admin
DNSSIEM
NTP
NTPDNS PKI
Operating Center
RBCAux. Systems
(Doc.)
Field Element Area
Object Controller
FeAk
Housing Alerts
Object Controller
FeAk
Housing Alerts
Neighbor Tech. Center
Interlocking System
WAN
NG-FW(ALG)
Field Element Area
Object Controller
FeAk
Housing Alerts
Object Controller
FeAk
Housing Alerts
Crypto
DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
(Remaining) Challenges
• Vulnerability Analysis and recommendations• Is knowledge about the systems available?• Can the Recommendations be implemented?
• Preventive Vulnerability Scanning• Is my system capable of a scan?
• Penetration Testing• May the test result in outages?
• Staff Training and Awareness• Is our staff capable to understand cyber security?
• Forensic Analysis• Analysis vs. Fast Recovery
13 DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Lessons Learned:Shell is not the end of the road
• Safety and Security Departments worked parallel with minimum interaction
Safety and Security performed own analyses, estimated impacts and derived requirements
The result works, but it was discovered, that duplicate work was done
Current ongoing investigations on how much the new Security process can be integrated in our well-established Safety process
• Vulnerability vs. Hazard
• Safety Requirements vs. Security Requirements
14 DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
Lessons Learned
15
Tolerable Hazard Rate THR
(Design Targets)
System Definition, phase 2
causes
Risk Analysis
Maintainability
Availability
Reliability
Safety, phase 3
Hazards
System Requirements, phase 4
Final breakdown of independentsafety functions and TFFR / SIL allocation per function, phase 5
Resulting SIL on system
level
System, phase 6
Design
Targets (DT)
by legal
framework
Risk Analysis
exploitsThreats
SecurityLevel (SL)(IEC 62443)
influences
IT-Security
EN 50126EN 50129EN 50128EN 50657
IEC 27000 ffIEC 62443 ff
EN 50159
International Standards
reduces
part of
increase of
mapto
FR1
FR2
FR7
FR3
FR5
FR4
FR6
System
Vulnerability Fou
nd
ation
al Re
qu
irem
ents
DB Netz AG | Christian Schlehuber | I.NPS 5 | 2017-10-04
„Vielen Dank für Ihre Aufmerksamkeit“ kann auch durch ein anderes Abschlusszitat oder eine Botschaft ersetzt werden.
http://fahrweg.dbnetze.com
Thank you for your attention