A Safety-Security Assessment Approach for Communication-Based Train Control (CBTC) Systems Based on the Extended Fault Tree

Yi, Shengwei; Wang, Hongwei; Ma, Yangyang; Xie, Feng; Zhang, Puhan; Di, Liqing

doi:10.1109/icccn.2018.8487464

Cited by 10 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These risk assessments are generally focused on attacks that could impact safety, as defined in the functional safety standards. 10,11,[15][16][17][18][19][20][21] In rail the most common scenario modelled is a hacker compromising the ICS so as to cause: a loss of safe distance, an over-speed event or collision via disrupting signals. This bias of considering only the most catastrophic hazard and framing cybersecurity controls to make this as difficult as possible, may not do justice to the intelligence of hackers.…”

Section: Cognitive Bias In Threat and Risk Assessmentmentioning

confidence: 99%

Railway cyber safety: An intelligent threat perspective

Unwin

Sanzogni

2021

Proceedings of the Institution of Mechanical Engineers, Part F:

View full text Add to dashboard Cite

Cybersecurity threats to railways are increasing, both due to improvements in the techniques of hackers and the increasing merger of cyber and physical spheres. Accepted approaches to safety can be extended to consider the risks from cyber, however the nature of railways as complex cyber-physical systems of systems may require a broader approach beyond functional safety. This paper explores some of the cybersecurity hazards using a war gaming approach. The authors find that, while standard engineering approaches are effective in building new rail control system components, a broader and more creative consideration of attacks has benefits. In particular they identify the ability to cause mass disruption by targeting the fail-safes designed to ensure safety or auxiliary systems that are not directly classified within the scope of the ICS.

show abstract

Section: Cognitive Bias In Threat and Risk Assessmentmentioning

confidence: 99%

Railway cyber safety: An intelligent threat perspective

Unwin

Sanzogni

2021

Proceedings of the Institution of Mechanical Engineers, Part F:

View full text Add to dashboard Cite

show abstract

“…In the security engineering domain, a similar approach was used named attack trees [30] for modelling security threats where the top events represent an attack goal. Following the trend of safety-security co-engineering, approaches to conciliate safety-related fault trees with security attack trees are proposed [32] and industrial experiences of this mix are reported (e.g., railways domain [36]).…”

Section: Fault Trees and Attack Treesmentioning

confidence: 99%

Safety and Security Interference Analysis in the Design Stage

Martínez

Godot

Ruíz

et al. 2020

Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops

View full text Add to dashboard Cite

Safety and security engineering have been traditionally separated disciplines (e.g., different required knowledge and skills, terminology, standards and life-cycles) and operated in quasi-silos of knowledge and practices. However, the co-engineering of these two critical qualities of a system is being largely investigated as it promises the removal of redundant work and the detection of trade-offs in early stages of the product development life-cycle. In this work, we enrich an existing safetysecurity co-analysis method in the design stage providing capabilities for interference analysis. Reports on interference analyses are crucial to trigger co-engineering meetings leading to the trade-offs analyses and system refinements. We detail our automatic approach for this interference analysis, performed through fault trees generated from safety and security local analyses. We evaluate and discuss our approach from the perspective of two industrial case studies on the space and medical domains.

show abstract

“…For both, the detailed and the high-level risk assessment, it is suggested to use the same risk assessment methodology [2]. In [23], fault trees are used to analyze safety and security in a Communication Based Train Control (CBTC) system of urban railways. Security events are added as additional nodes in the fault tree.…”

Section: Existing Railway Risk Analysis Approachesmentioning

confidence: 99%

Threat Modeling in the Railway Domain

Schmittner

Tummeltshammer

Hofbauer

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Connected and intelligent railway technologies like the European Rail Traffic Management System (ERTMS) introduce new risks in cybersecurity. Threat modeling is a building block in security engineering that identifies potential threats in order to define corresponding mitigation. In this paper, we show how to conduct threat modeling for railway security analysis during a development life cycle based on IEC 62443. We propose a practical and efficient approach to threat modeling, extending existing tool support and demonstrating its applicability and feasibility.

show abstract

A Safety-Security Assessment Approach for Communication-Based Train Control (CBTC) Systems Based on the Extended Fault Tree

Cited by 10 publications

References 9 publications

Railway cyber safety: An intelligent threat perspective

Railway cyber safety: An intelligent threat perspective

Safety and Security Interference Analysis in the Design Stage

Threat Modeling in the Railway Domain

Contact Info

Product

Resources

About