Cyber threat presents ‘challenging conditions’ for rail: IRS2017

‘Industrial espionage, blackmail, political motivation…’ – just some of the reasons why cyber criminals might target rail, the Intelligent Rail Summit 2017 was told. Those were some of the observations of Christian Sagmeister of ÖBB, speaking at the important three-day event in Vienna.

Sagmeister, Head of Railways Systems at Austrian national rail carrier ÖBB, was just one of more than 20 keynote speakers sharing their ideas, observations and experiences about two of the biggest issues currently facing the rail sector, Cyber Security in Rail and Automatic Train Operation.

Speaking on the second day which focused on Cyber Security in Rail, he shared with delegates some of his thoughts on how railway systems can protect themselves against cyber attacks. Rail infrastructure managers, he said, were finding the growing risk of cyber attacks an increasingly important driver in reviewing existing system architectures and making necessary improvements to guarantee safe train services in ‘challenging conditions’.

Live webcast

Automatic Train Operation (ATO) had been the theme of the opening day of IRS2017, which successfully featured live webcast coverage for the first time, and was chaired by Professor Dr Rob Goverde, Professor of Railway Traffic Operations and Management at Delft University of Technology.

First to take the stage was Dr Andreas Schöbel, of Algo4Rail, who looked at the challenges of ATO in the field of scientific research. Next up was Dr Roman Treydel, Lead Engineer on the ERTMS User Group, who looked at the development of the harmonised specifications for mainline ATO. The first session’s final speaker was Dr Xiaolu Rao of Systransis Ltd, who examined the the integration of traffic management and train automation.

‘Important building block’

On Migration Strategies, Hans Jakob Schnieder, Head of ETCS Competence Center Infrastructure Projects at Swiss Federal Railways was followed by Alfons Schaafsma from Dutch rail infrastructure manager ProRail, who looked at ATO as an important building block for a modern railway industry. On Safety, there were presentations from Michael Meyer Zu Hörste of Deutsches Zentrum für Luft-und Raumfahrt; Richard Koch of Ricardo Rail and finally Dick Terleth & Sander van Lochem of ADSE. That was followed by a final session of case studies, including Nikolaus Panzera of the Vienna Metro, Julian Holmes of CH2M on the ATO Lima Metro proposals, and finally Jacques Poré of Alstom Transport, who looked at the value of ATO for the future operations for suburban and regional rail lines with dense traffic.

Cyber threats

Day Two (Cyber Security), which was chaired by Marieke van Gompel, Programme Manager for IRS2017 examined three specific areas: new developments in the sector; lessons learned from other industries; moving of assets, and fixed assets. ÖBB’s Christian Sagmeister, speaking as part of the moving assets session, told delegates: “It is not always clear to railways how to deal with these situations…it is not always easy to keep systems up to date…if there is a system which is not protected, we have to think about what the operational impact is.” Describing the current situation as a ‘complex system landscape’, Sagmeister said the sector needed ‘segmentation of data’, with an increase in IP-based actors and sensors, and in real-time bandwidth.

‘Industrial espionage’

He then went through some of the ‘failure potential’ motivations for why the rail industry might find itself a target, such as industrial espionage, denial of service and/or blackmail and political motivations. Sagmeister also made the case for railway organisations to consider bringing in experts from outside the industry: “We need to have detailed information about who is connected to the railway network…we think about what can outsource. Is it necessary to have our own centre or can we buy these services?. In the future we will need to hire the people who can manage these challenges…but there is also the question of how much we would like to invest, and this is a management focus.”

‘Common and integrated’ approach

Earlier, François Hausman, Head of Shift2Rail’s Cyber Security Project, had kicked off proceedings by looking at a ‘common and integrated’ cybersecurity approach dedicated to railways. He was followed by Sharvind Appiah, Lead Engineer for Cyber Security at the ERTMS User Group, whose focus on Security Governance in Railways looked specifically at how the individual interests of operations, corporate and CCS have tended to tackle cyber security in ‘silos’, and how this culture can be changed. The day also featured presentations from representatives of Dutch rail operator NS, Dual Inventive, the International Union of Railways and German rail infrastructure manager DB Netz, and from further across the business sector Airbus, IBM and Siemens.

The final day of IRS2017 gave delegates the opportunity to take part in technical visits to the infrastructure of the Vienna Metro system, the Wiener Linien. Those interested in ATO could visit the automatic (driverless) turnback located on the system’s U1 or U4 lines, while those specialising in cyber security visited the Metro’s Operational Control Center at Erdberg station.

Author: Simon Weedy

Simon is a journalist for - a dedicated online platform for all the news about the rail freight sector

Add your comment

characters remaining.

Log in through one of the following social media partners to comment.