‘A cyber attack always leaves a trace’
A rugged dream box represents an entire railway system for IBM’s Domenico Raguseo and MERMEC S.p.A’s Domenico Scardicchio. It is a prototype, used to visualise the security elements required in the complex IT infrastructure of a railway system. They will be speaking about the cyber security implications for railways at the Intelligent Rail Summit, held in Vienna from 28-30 November.
“In the context of railways, security elements must be implemented in a large range of subsystems, which are all interconnected. If we focus on railway signaling for example, we have to look at track side equipment, on-board equipment, processing systems, network connections and radio links. Each subsystem requires a deep security analysis,” explained Raguseo.
Because these subsystems are interconnected, they require a holistic security approach, explain the Italian cyber security experts. “A single attack is usually a violation of several control systems with severe consequences. That is why all security elements should be integrated in a single system.” It is that single system that Raguseo and Scardicchio are working hard to develop as part of a joint project. The team has identified all the relevant investment areas and has a good idea of what must be done. They must be careful what they communicate with the public, however. “When you reveal too much, you could open the door for a possible cyber attack, as it may inspire people with the wrong intentions.”
Another recommendation provided by Raguseo and Scardicchio is around the prevention of an attack, something which is becoming increasingly likely. “Every time an attack happens, it leaves a trail of information. In contrast with conventional crime, which sometimes does not leave a single trace, a cyber attack always leaves a trace. With every attack we understand the attacker better, so we can eventually find this trace,” explains Raguseo.
He refers to this method as cognitive technology, something which he and his partner are currently working on to prevent future attacks. With all these factors combined, IBM and MERMEC S.p.A. are hoping to provide the tools to mitigate the risk of an attack as much as possible.
Another relevant aspect to be considered is the level of “security visibility”, necessary to detect a cyber attack and to react to it in the fastest and most efficient way. Operational technology systems are well known to generate little information (like logs) and as such, the “visibility” of what is going on within the network is limited or sometimes, non-existent at all. Identifying relevant data sources among those available, and creating the detection tools is of paramount importance.
Domenico Raguseo currently works as a manager of Technical Sales for IBM Security in Europe. He is a frequent speaker on topics as cyber security, information security management, service management, cloud computing, energy optimisation and smarter planet. Domenico Scardicchio is a senior software engineer, currently working for MERMEC S.p.A. (an Angel Company) . Here, he is involved with the development and management of railway software products related to diagnostics, asset maintenance and signaling systems.
The Intelligent Rail Summit 2017 will take place on 28, 29 and 30 November at the Infocenter of Wiener Linien in Vienna (Austria) and is open for registration.