‘Common understanding of cyber security is necessary in the railway industry’
Digitalisation is truly a mega trend, but not many people are talking about cyber security. It is the most crucial step in the entire process of developing a product; you need to ensure that your system is secure and avoid vulnerabilities at all cost”, says David Rogers, who currently works as a business development manager for Siemens in the division Process Industries and Drives, focusing on communication solutions for the railway industry. At the Intelligent Rail Summit, held in Vienna between 28-30 November, he will be discussing the basic concept of 62443, a cyber security guideline.
“The 62443 series are a procedure to standardise security measures in automation systems”, Rogers explains. “It is a way of making security comparable, or meaningful.” He draws a comparison with the safety evaluation standard safety integrity level SIL, which every engineer working in the field of machine safety understands. “A common understanding is needed to ensure security in a time when automated systems are taking over our tasks.”
Beyond the firewall
There are many security elements applicable to the systems of today, Rogers continues. “Most people immediately think of firewalls, but a secure system includes much more than that. Think of secure access of the facilities where the system is located or password management. For all these different measures, a security approach is required. The 62443 series offers a holistic approach that can be applied in the entire system and throughout the entire process, from developer to asset owner.”
Beyond 62443 compliance, vulnerability handling also plays a big role. Once a vulnerability is discovered, it will immediately be openly communicated to the customer, says Rogers. “Within our company, we have a team, which responds to potential security incidents and vulnerabilities related to Siemens products, solutions and services, by explaining the scenario and how to fix it.”
Importance in railway
“In the railway sector, security vulnerabilities can have major consequences. One day, a teenager modified a transmitter to become a remote control, which enabled him to manipulate turnouts and re-directed trains in a city tram system in Poland. In the end some trams where derailed and people got injured. If somebody does have the wrong intentions, a lot of damage can be done. The railway network needs to be seen nowadays as critical infrastructure and can be a target for hostile activities”, he concludes.
Working for Siemens, Rogers is involved in the development of communication products for various industries such as factory automation, transportation or electric power. In the development of these products, the company aims to comply with the 62443 measurements. “We are just a piece of the puzzle”, he notes. Rogers has extensive knowledge along all aspects of automation and digitalisation including IT-security and transfers this knowledge into rail concepts leveraging the digitalization trend.
David Rogers of Siemens will speak on 29 November at the Intelligent Rail Summit 2017 in the Infocenter of the Wiener Linien. Please visit the conference website for more information: https://www.railtech.com/intelligent-rail-summit-2017/