What security measures do we need to protect rail transport from cyberattacks in 2050? Digitalization will permanently change rail travel by then. The degree of automation will increase, operators and customers will be more closely connected to seamlessly integrate mobility into our everyday lives.
In the research project of the German Centre for Rail Traffic Research (DZSF), INCYDE, together with Fraunhofer SIT, Nextrail and the University of Passau, is determining the need for security measures and explores new methodological as well as technical approaches. The goal is to prevent future cyber-attacks, protecting privacy and placing the mutual trust of the players on a technically profound basis.
Project lead: The "Forecast Security Requirements" project is managed professionally and we appreciate the high level of expertise and the associated problem-solving skills. The results of the first work package have already been published as a research report. We look forward to further cooperation.
In order to keep the railway system safe up to the year 2050, it is necessary to develop an idea of the use of digital technologies that is as precise and plausible as possible. This serves as the basis for a risk analysis. Today's risk analysis methods investigate existing systems or systems under development, so they cannot easily be used to analyze future systems.
- How will digital technology affect traffic and transport in 2050?
- How will the railway system look like in 2050?
- Are current cybersecurity concepts future proof for the digital transformation of rail traffic?
- What cybersecurity threats to rail traffic will arise?
Digital technologies were collected as a basis for the risk analysis and their use was described in over 20 use cases. In order to take future threats into account, attack graphs were developed on the basis of known risk analysis methods, which are used to identify gaps in today's protection concepts.
- Technology Outlook until 2050 https://doi.org/10.48755/dzsf.220008.06
- Predict technology utilization on entire railway transportation system (passengers, freight, infrastructure, CCS, rolling stock)
- Over 20 use cases defined covering major technologies
- Development of risk analysis method AttackGraphs: https://github.com/INCYDE-GmbH/drawio-plugin-attackgraphs
- Security Requirements Forecast: Derive abuse cases (new threats) given the predicted technologies
- Risk Analysis: Estimate & quantify the likelihood of abuse cases using a new methodology (AttackGraphs)
- Security Concept Evaluation
- Identify the gap between current security concepts and the requirements of the future
- Develop security concepts to fill the gap