Ensuring the cybersecurity of systems, products, and applications throughout their lifecycle poses a significant challenge for the railway industry.
Mr. Eichhorn, when someone was asked to set up a password some fifteen years ago, often that meant a simple four-digit pin, but in the meantime, it is not uncommon for 12 digits with capital letters, numbers, and special characters to be required. In the near future, different, more complex authentication mechanisms like multifactor, biometric, or other means of authentication, even without passwords, will be the standard.
From a short pin to an elaborate password in three decades. For a vehicle as complex as a train, thirty years isn’t such a long time.
Against the backdrop of rapid digital development throughout the industry, that is precisely the challenge in terms of cybersecurity for future rail applications. As early as today, we must manufacture products and systems fit for threat scenarios that may not even exist yet. Considering that our products must be fully functional and maintained over a long period of time, security must be built-in from the very start of design, cover the whole life cycle of the product, be resilient, and follow defence-in-depth principles. This is particularly essential considering the increasingly extensive driverless train operations (ATO) and development projects such as the Digital Freight Train. The Knorr-Bremse Competence Center for Product Cybersecurity, located at the group company Selectron Systems AG in Lyss, Switzerland, is enabling rapid digital business transformation by keeping all of our systems, like braking, entrance, climate control, and sanitary systems, secure throughout the decades. Our approach involves governance, risk management, and security controls tailored to each product platform’s unique requirements. Our organisation is structured accordingly, with a central competence centre and specialists in each major product platform, operating in a matrix structure.
How does Knorr-Bremse protect its daily operations from future cyber threats?
In terms of addressing potential threats, we are not groping in the dark. If we look at the architecture of future rail vehicles and the way data flows, it quickly becomes clear where the potential weak spots are: the path to and from the cloud, where data, for a product update, for example, is uploaded to the rail vehicle. The first step is the verification that this data is indeed unmodified through the use of digitally signed and verified updates. And, of course, the entire system itself must be compliant with the International Electrotechnical Commission’s (IEC) standard IEC 61508 defined SIL levels and the required standards for cybersecurity in transportation (IEC62443 and TS50701), as an example. The good news is that this challenge can be met quite well with a consistent security-by-design approach: defence in depth principles and segregation of data and communication channels, together with enforced authentication, form an efficient shield against cyber threats for devices, networks, and data transmission.
To sum up, we combine safety-certified railway hardware with powerful cybersecurity functions and customised services to create a holistic cybersecurity architecture. We are here to help our customers close and detect security gaps before they become attack targets for hackers. We don’t want to react only after new threats have already emerged. Instead, we already proactively close the gates of entry. For this purpose, we have implemented our Railway Product Cybersecurity Architecture: every component installed in a Knorr-Bremse subsystem will be vetted on cybersecurity efficiency, starting with its development launch. Conventional ‘security products’, such as the Security Gateway (SGW), secure access. The public key infrastructure (PKI) assigns digital security certificates to devices and software, protecting them from unauthorised change and unmistakably identifies these products originating from Knorr-Bremse. Like an early warning system, the Selectron Threat Detection Solution (TDS) detects anomalies in data traffic within the train network, as well as in traffic to and from the vehicle manufacturer or operator. The TDS only allows approved communication and approved devices on the network, preventing hackers for sneaking in their own malicious devices in a train’s communication network.
What about the costs of implementing such strict security measures?
The costs associated with shutting down an entire rail line, even for a few hours, due to a cyber-attack will by far exceed the expenses of implementing cybersecurity measures in the design and production stages. Moreover, the decision to prioritise cybersecurity is no longer solely in the hands of operators or vehicle manufacturers. Legislators are imposing increasingly stringent guidelines, making it imperative to allocate resources and prioritise cybersecurity measures.
Given that rail vehicles are in service for decades, can cybersecurity measures also be retrofitted?
Regular security audits and assessments need to be conducted to evaluate the overall security posture of the products. However, a retrofit in the classic sense is a very challenging undertaking. Whenever you make a significant change anywhere on the vehicle, and that includes most cybersecurity measures, you must go through a re-approval process and, in some instances, even a certification process, which includes a whole train composition and not just a component in a train. Solutions for rolling stock must always comply with uncompromising certification and homologation requirements to guarantee safety. The effort involved is substantial. However, in cases where new systems are being installed as part of modernisation projects, such as a door control system, it’s advisable to choose options that already include cybersecurity measures.
What is the key role of Knorr-Bremse in helping our business partners understand the impact of cybersecurity?
The role of Knorr-Bremse is to emphasise how cybersecurity impacts corporate risk and how the business can be safeguarded. We need to effectively communicate these complex issues to our business partners, ensuring they understand the potential threats and are willing to invest in our solutions. In a complicated world, it’s essential for businesses to rely on trustworthy partners who possess advanced expertise in cybersecurity and digital transformation while also maintaining a broad perspective on the ever-evolving landscape.