Cybersecurity of Railway Control Systems

Similar documents
Introduction to the Actuator Sensor-Interface

find out why they made the smart choice More than 85 transport authorities around the world rely on OTN Systems for their operational communications

Understanding Device Level Connection Topologies

CELLULAR PHONES AND WI-FI IN THE SUBWAY

Research of PROFIBUS PA s integration in PROFINET IO

Introduction to PROFIBUS and PROFINET

Implementing Passenger Information, Entertainment, and Security Systems in Light Rail Transit

Substation Automation Systems. Nicholas Honeth

Welcome to the LRT Overview Open House

Industry Overview. Transportation

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Training Document for Comprehensive Automation Solutions Totally Integrated Automation (T I A) MODUL E04

S-series DeviceNet Interface Card

Hirschmann Networking Interoperability in a

NEW GENERATION PROGRAMMABLE AUTOMATION CONTROLLER

Passenger Rail Service

Industrial Communications Training

A Review of Transit Technology Specifications

IP Address Assignment in Large Industrial Networks

Connectivity solutions for transport automation

estadium Project Lab 8: Wireless Mesh Network Setup with DD WRT

Using installed Fieldbus Wiring to carry Ethernet Communications

References: Fully automated metro lines worldwide

Building Secure Networks for the Industrial World

Fact sheet DTZ Fair Value Index TM methodology

Understanding Device Level Connection Topologies

US Travel Costs Item (Flight/train/car hire taxis NOT included) Item date (original order date) Cost ( )

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Using a simple crossover RJ45 cable, you can directly connect your Dexter to any computer.

CTCS Chinese Train Control System

PROFIBUS fault finding and health checking

Transit Technology Alternatives

Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative

The Shift to Wireless Data Communication

Real-time Video Monitoring Increases the Efficiency of SCADA Process Management

Stratix 5700 Switch Configuration

Automation Unit TM 1703 ACP Flexible automation and telecontrol

Power Supply Systems. Performance guaranteed. Power Supply Systems single-voltage UIC-systems multi-voltage UIC-systems

ModBus Server - KNX. Gateway for integration of KNX equipment into Modbus (RTU and TCP) control systems.

Plant automation and telecontrol in one system. SIMATIC PCS 7 TeleControl SIMATIC PCS 7. Answers for industry.

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Passenger Information and Entertainment

Overview and Applications of PROFINET. Andy Verwer Verwer Training & Consultancy Ltd

Practical steps for a successful. PROFIBUS Project. Presented by Dr. Xiu Ji Manchester Metropolitan University

Connect the Leading Global Financial Centres by Ultra Low Latency Network

AutoLog ControlMan. Remote Monitoring & Controlling Service

Trainguard Sirius CBTC

National Railroad Passenger Corp. (AMTRAK) Session 1 Threats and Constraints. Continuous. - Continuous Monitoring. - Continuous Assessment

High rate and Switched WiFi. WiFi QoS, Security 2G. WiFi a/b/g. PAN LAN Cellular MAN

Semaphore T BOX Applications in Data Center Facilities

FIBER OPTIC APPLICATION IN A PROFIBUS NETWORK

IT Security and OT Security. Understanding the Challenges

Developing Wireless GPIB Test Systems Using the GPIB-ENET/100

Security with Passion

About IER. HARDWARE MAINTENANCE and support services. PROFESSIONALISM and experience

Promiscuous Monitoring in Ethernet and Wi-Fi Networks

M-series Virtual I/O Module 2

Symphony Plus Cyber security for the power and water industries

Trains crossing at Toronto s Old Mill Station 2009 TTC. Train Control

T&E. Where Business Travelers Spend Money

IEEE Projects in Embedded Sys VLSI DSP DIP Inst MATLAB Electrical Android

Lecture 4 Profibus. Urban Bilstrup Urban.Bilstrup@ide.hh.se

Endless possibilities

Dr. György Kálmán

Personna PC web-based software. Q-AdminTM client. Lighting management hub (floor 2) Lighting management hub (floor 1)

SCADA Security Training

154 PHOENIX CONTACT Courtesy of Steven Engineering, Inc.-230 Ryan Way, South San Francisco, CA Main Office: (650) Outside Local

ISA Security Compliance Institute

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

SECURING AN INTEGRATED SCADA SYSTEM. Technical Paper April 2007

THE SCADA REVIEW: SYSTEM COMPONENTS, ARCHITECTURE, PROTOCOLS AND FUTURE SECURITY TRENDS

What Makes Cities Successful Randstad on the World Stage

Security Testing in Critical Systems

Cyber Security of the Power Grid

PROFIBUS AND MODBUS: A COMPARISON

Configuring PROFINET

The Geography of Foreign Students in U.S. Higher Education: Origins and Destinations. Neil G. Ruiz, The Brookings Institution, February 11, 2015

CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A.

Railway Simulation & Timetable Planning

Smart DeviceNet Remote I/O Terminals

IT 3202 Internet Working (New)

Cisco Fog Computing Solutions: Unleash the Power of the Internet of Things

PROFINET IO Diagnostics 1

FOXBORO. I/A Series SOFTWARE Product Specifications. I/A Series Intelligent SCADA SCADA Platform PSS 21S-2M1 B3 OVERVIEW

URBALISTM SoLUTIonS Beyond CBTC BasiCs

A GUIDE TO NEW YORK CITY REGIONAL TRANSPORTATION

Intelligent Device Management with DCS, PLC, and RTU

Technology Spotlight on Cellular Data Networking for SCADA system networks. Presented by Teamwork Solutions, Inc.

Building Secure Network Infrastructure For LANs

Development of a Gateway to PROFIBUS for Remote Diagnostics

INDUSTRIAL GATEWAYS VPN ROUTERS SERIAL DEVICE SERVERS

Monitoring and diagnostics. Field data integration to control room solution guide

Siemens AG Fieldbus solutions with the SIMATIC PCS 7 distributed control system. Brochure April 2010 SIMATIC PCS 7. Answers for industry.

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Advanced Transportation Management Systems

Transcription:

Cybersecurity of Railway Control Systems Fred Woolsey LTK Engineering Services David Teumim, CISSP Teumim Technical, LLC

About the Speakers Dave Teumim Fred Woolsey CISSP (Certified Information System Security Professional) BS in Electrical Engineering, MEng in Systems Engineering MS in Chemical Engineering Chair of IEEE RTVISC Working Group 9 Author of book Industrial Network Security published by ISA Independent Consultant 30+ years in railway industry with LIRR, ABB/Adtranz, LTK Member IEEE, ISA, ACM 2

Introducing Rail Transit Transport passengers, not goods Usually run by public agencies Freight railways transport goods Usually privately owned Other transportation modes Air Highway Shipping 3

Types of Rail Transit Commuter Rail Light Rail Heavy Rail (Metro) (Light Rail Image Courtesy of Houston Metro) 4

Railway Control Systems Use: SCADA PLC s Fieldbus Sensors (speed, pressure, temperature), actuators (motors, valves), Windows XP; embedded on locomotives and coaches, Windows workstations in control centers Vital = Intrinsically Safe (signaling, interlocking, train control) 5

Example Light Rail Control System OCC Ethernet configuration Router Router Hub S O N E T Hub Hub Hub Hub Hub Hub Hub SIH1 FANNIN SIH2 GEENBRIAR ST. SIH3 GALEN SIH4 MAC GREGOR SIH5 WICHITA ST. SIH6 ALABAMA ST. SIH7 PIERCE ST. SIH8 FRANKLIN ST. Switch TPSS DP slaves TPSS DP slaves TPSS DP slaves TPSS DP slaves TPSS DP slaves TPSS DP slaves TPSS DP slaves TPSS DP slaves provided by TPSS Ethernet IEC 104 on TCP/IP connection Ethernet TCP/IP connection Profibus DP connecetion TTY Point to Point connection communication house RTU distributed I/O equipment (if necessary) DP/DP coupler TWC equipment TPSS PLC equipment (Network Diagram Courtesy of Metro) 6

Do These Names Sound Familiar? Rail control system vendors include: Siemens Invensys GE Rockwell Automation 7

What are Areas for Applying Control System Security? Wireless (Computer Based Train Control) Wireless (Telemetry) Networked Ticket Vending Machines SCADA (electric traction, signals) Control system/enterprise connections 8

Introducing APTA Primary Industry Organization for Rail Transit 1,500 Member Organization Members Serve More Than 90% Of Public Transit Riders In U. S. And Canada Provide Services To Members That Create A Safer And More Secure Environment For Public Transportation Riders, Workers And The Public At Large. 9

APTA Industry Activities Standards committees Technical forums Conferences and exhibitions 10

Rail Transit Communication Links Commuter Rail Wayside Signaling Highway-Rail Traffic Control Light Rail Control Centers Travelers and Stations Bus Shops 11

Wireless (Telemetry) 10.1.0.0 RADIUS Server Ground Station Server Home Agent NJT WAN Intranet Clients Internet Clients 10.2.0.0 Internet Access Point with Proxy Mobile IP Mobile Node Authoritative Access Point with Proxy Mobile IP Foreign Agent 10.3.0.0 Foreign Agent Authoritative Access Point with Proxy Mobile IP Access Point with Proxy Mobile IP Mobile Node 12

Wireless (CBTC) NYC Transit Canarsie Line SF Muni Light Rail Detroit APM London Docklands (IL In Service) Lyon Line D Malaysia Kuala Lumpur Putra Line (In Service) JFK - Airport (IL-in service) SF BART (RF-under development) Toronto Scarborough Line (IL in service) London Jubilee & Northern Lines Paris Line 13 (RF under Development) Hong Kong West Rail (IL in Service) Long Island Railroad SFO Airport (RF- in service) Vancouver SkyTrain (IL- in service) London Heathrow Airport (Recent Award) Paris Line 14 (IL in Service) Ankara ARTS (IL-in service) Washington DC APM at Dulles (RF being deployed) Las Vegas Monorail (RF in Service) Barcelona (RF-recent award) Singapore North East Line URBALIS 300 (RF in service) Philadelphia Subway Surface Line (RF- nearing deployment) Paris Lines 3/4/9/10 /12 "OURAGAN" Hong Kong Penny's Bay (RF - nearing revenue service date) Dallas Ft.-Worth Airport (RF recent award) Madrid (Recent Award) Wuhan Mainland China LRT Line (IL in service) Seattle (Airport) (RF being deployed) Budapest Taipei Neihu Line (RF awarded) 13

Vulnerabilities Rogue Client Point of Attack: Denial of Service Attack Publicly Accessible Not Publicly Accessible NJT WAN Packet Flood Ticket Vending Machines Ticket Vending Server 14

Railway Age Magazine First Article on Rail Control Security January 05 Railway Security Conference January 06 Railway Security Conference 15

Collaboration with the PCSF Community Technical Interchange Wireless Issues/Technology hot area Transportation potential market area for new control security technologies 16

Contact Information Fred Woolsey LTK Engineering Services 215-641-8865 fwoolsey@ltk.com Dave Teumim Teumim Technical, LLC 610-398-5546 dave431@enter.net 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information