The modernization of rail control systems has resulted in an increasing reliance on digital technology and increased the potential for security breaches and cyber-attacks. Higher-level European Train Control System(ETCS) systems in particular depend on communications technologies to enable greater automation of railway operations, and this has made the protecting the integrity of infrastructure, rolling stock, staff and passengers against cyber-attacks ever more crucial. The growth in Internet of Things (IoT) technology has also increased the potential risks in this area, bringing with it the potential for huge numbers of low-cost sensing devices from smaller manufacturers to be installed and used dynamically in large infrastructure systems; systems that previously relied on closed networks and known asset identifiers for protection against cyber-attacks. This chapter demonstrates that how existing data resources that are readily available to the railways could be rapidly combined and mapped to physical assets. This work contributes for developing secure reusable scalable framework for enhancing cyber security of rail assets
TopIntroduction
The Internet of Things (IoT) has evolved rapidly over the last 5 years, bringing with it the promise of low-power, connected devices that are able to monitor themselves and their surroundings. While much of the marketing hype around the IoT has been about consumer devices (connected fridges etc.), much of the standards development has been driven by industrial applications, in particular the need to find low-cost solutions for the monitoring of geographically dispersed infrastructure networks, such as roads, railways, or pipelines. Underpinning the IoT is the integration of a number of existing sensor, actuator and communication technologies; RFID-based identification, wired and wireless sensors, actuator networks (powered values etc.), enhanced communication protocols (4G mobile data etc.), and distributed intelligence for smart objects are just the tip of the iceberg. In industrial contexts, the IoT falls into the category of a Cyber-Physical System. Cyber Physical Systems (CPS) can be defined as system of collaborating computational elements controlling physical entities, (Pu,2011). A CPS integrates the 3Cs: Computation, Communication and Control, and enables the interaction between the physical world and the cyber world. CPS can provide real-time sensing, dynamic control, information feedback, and other services (Dong et al., 2011). The use of IoT technologies as a component of wider CPS has huge potential for impact in many domains. Some representative applications are personalized healthcare, intelligent transportation systems, sustainable environment, and disaster management etc..,(Gupta et al., 2013). They also share significant quality of service requirements,including the need for near real-time performance, continuous availability, high security and privacy of individual’s personal data(Pu et al., 2011). Further examples of industrial applications of the IoTinclude cyber-transportation systems (CTS), machine-to-machine (M2M) communications, (Wan et al., 2011).
By increasing the degree of connectivity of everyday devices, the IoT will drive a significant increase in the complexity of many infrastructure-based systems, not least due to the increase in the number of data endpoints the system as a whole will expose to potential threats (Ma et al., 2011). The authenticity and integrity of data being produced via the IoT is therefore a source of great interest within industrial domains, where asset data is the basis of many (potentially costly) real-time decision making processes. This is reflected in the scope of research projects currently investigating IoT topics, whereensuring the cyber security of resultant systems is a real concern, (Suoet al, 2011).
In summary, the IoT offers the rail industry huge potential benefits in terms of ease of monitoring its geographically dispersed infrastructure, vehicles, and operating status (including climatic effects, tresspass etc.); however, it also brings increased risk of cyber-attacks through increasing numbers of devices and data endpoints, communicating over public telecoms networks, and coming from a large number of non-traditional supply chains,(Ma et al. 2011). In this chapter author discusses one potential mechanism for mitigating those risks, through the use of ontology-driven asset monitoring frameworks, tuned to detect cyber-attacks.