Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands
The railway industry—traditionally a conservative industry with low adaption speed for innovation—is currently entering its digitization phase. The sector faces a challenge in integrating new technologies and approaches into the employed—often safety-critical—systems. Keeping the systems secure whil...
Main Authors: | , , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2023-09-01
|
Series: | Vehicles |
Subjects: | |
Online Access: | https://www.mdpi.com/2624-8921/5/4/69 |
_version_ | 1797379181869268992 |
---|---|
author | Simon Unger Markus Heinrich Dirk Scheuermann Stefan Katzenbeisser Max Schubert Leon Hagemann Lukas Iffländer |
author_facet | Simon Unger Markus Heinrich Dirk Scheuermann Stefan Katzenbeisser Max Schubert Leon Hagemann Lukas Iffländer |
author_sort | Simon Unger |
collection | DOAJ |
description | The railway industry—traditionally a conservative industry with low adaption speed for innovation—is currently entering its digitization phase. The sector faces a challenge in integrating new technologies and approaches into the employed—often safety-critical—systems. Keeping the systems secure while conforming to the demanding safety norms creates previously unknown problems. In the last decades, the number of attacks on the railway system has increased. Furthermore, with standardized digital technologies, the attack surface will keep growing. Therefore, in this work, we look into the foreseeable future of the railway system and present 21 likely use cases. We analyze these use cases regarding possible threats, rate the severity of these threats, and deduce and rate necessary countermeasures. To this end, we model these use cases and the corresponding threats and countermeasures using Attack Graphs. We use a graphical solution for the risk and security analysis due to advantages over other methods, i.e., table-based solutions, like simplified presentation and an easier understanding of relationships, dependencies, and interactions between various elements. From these Attack Graphs, we extracted 14 commonly recurring attack strategies. After analyzing 49 countermeasures regarding their current maturity and further research and standardization demands, we identified 21 in need of further investigation. This implies that 21 necessary countermeasures to secure these future use cases require further research to apply to railway systems or require standardization. These results will help researchers focus on the necessary research and standardization and railway operators to ensure the security of their systems. |
first_indexed | 2024-03-08T20:18:31Z |
format | Article |
id | doaj.art-d133cc81f9184db18f90b816dd0f2031 |
institution | Directory Open Access Journal |
issn | 2624-8921 |
language | English |
last_indexed | 2024-03-08T20:18:31Z |
publishDate | 2023-09-01 |
publisher | MDPI AG |
record_format | Article |
series | Vehicles |
spelling | doaj.art-d133cc81f9184db18f90b816dd0f20312023-12-22T14:47:43ZengMDPI AGVehicles2624-89212023-09-01541254127410.3390/vehicles5040069Securing the Future Railway System: Technology Forecast, Security Measures, and Research DemandsSimon Unger0Markus Heinrich1Dirk Scheuermann2Stefan Katzenbeisser3Max Schubert4Leon Hagemann5Lukas Iffländer6Chair of Computer Engineering, Faculty of Computer Science and Mathematics, University of Passau, 94032 Passau, GermanyINCYDE GmbH, 10117 Berlin, GermanyFraunhofer SIT, 64295 Darmstadt, GermanyChair of Computer Engineering, Faculty of Computer Science and Mathematics, University of Passau, 94032 Passau, GermanyINCYDE GmbH, 10117 Berlin, GermanyINCYDE GmbH, 10117 Berlin, GermanyDeutsches Zentrum für Schienenverkehrsforschung beim Eisenbahn Bundesamt, 01219 Dresden, GermanyThe railway industry—traditionally a conservative industry with low adaption speed for innovation—is currently entering its digitization phase. The sector faces a challenge in integrating new technologies and approaches into the employed—often safety-critical—systems. Keeping the systems secure while conforming to the demanding safety norms creates previously unknown problems. In the last decades, the number of attacks on the railway system has increased. Furthermore, with standardized digital technologies, the attack surface will keep growing. Therefore, in this work, we look into the foreseeable future of the railway system and present 21 likely use cases. We analyze these use cases regarding possible threats, rate the severity of these threats, and deduce and rate necessary countermeasures. To this end, we model these use cases and the corresponding threats and countermeasures using Attack Graphs. We use a graphical solution for the risk and security analysis due to advantages over other methods, i.e., table-based solutions, like simplified presentation and an easier understanding of relationships, dependencies, and interactions between various elements. From these Attack Graphs, we extracted 14 commonly recurring attack strategies. After analyzing 49 countermeasures regarding their current maturity and further research and standardization demands, we identified 21 in need of further investigation. This implies that 21 necessary countermeasures to secure these future use cases require further research to apply to railway systems or require standardization. These results will help researchers focus on the necessary research and standardization and railway operators to ensure the security of their systems.https://www.mdpi.com/2624-8921/5/4/69railway systemAttack Graphstechnology forecastsecurity threatssecurity measuresstandardization |
spellingShingle | Simon Unger Markus Heinrich Dirk Scheuermann Stefan Katzenbeisser Max Schubert Leon Hagemann Lukas Iffländer Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands Vehicles railway system Attack Graphs technology forecast security threats security measures standardization |
title | Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands |
title_full | Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands |
title_fullStr | Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands |
title_full_unstemmed | Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands |
title_short | Securing the Future Railway System: Technology Forecast, Security Measures, and Research Demands |
title_sort | securing the future railway system technology forecast security measures and research demands |
topic | railway system Attack Graphs technology forecast security threats security measures standardization |
url | https://www.mdpi.com/2624-8921/5/4/69 |
work_keys_str_mv | AT simonunger securingthefuturerailwaysystemtechnologyforecastsecuritymeasuresandresearchdemands AT markusheinrich securingthefuturerailwaysystemtechnologyforecastsecuritymeasuresandresearchdemands AT dirkscheuermann securingthefuturerailwaysystemtechnologyforecastsecuritymeasuresandresearchdemands AT stefankatzenbeisser securingthefuturerailwaysystemtechnologyforecastsecuritymeasuresandresearchdemands AT maxschubert securingthefuturerailwaysystemtechnologyforecastsecuritymeasuresandresearchdemands AT leonhagemann securingthefuturerailwaysystemtechnologyforecastsecuritymeasuresandresearchdemands AT lukasifflander securingthefuturerailwaysystemtechnologyforecastsecuritymeasuresandresearchdemands |