Safety paves the way for security

Whenever Stefan Persson watches a disaster movie at the cinema where a train is involved, he shakes his head while others scream. He knows how improbable it is for a train to derail or for someone to hack into the system and take control.

Double – and even triple – safety systems, with various levels of redundancy, ensure that this cannot happen. And, in the unlikely event that something does occur, other systems are in place which brake and stop the train.

"Then again, there are other causes which mean we have every reason to take these threats seriously," explains Stefan Persson, who is Head Systems Engineer for control systems at Bombardier in Sweden. "Safety is of the utmost importance for our customers, and foreign locomotive manufacturers have experienced incidents."

The incidents that have occurred mainly involved someone managing to hack into a train's infotainment system and altering information, or expressing political or harassing messages.

"It may not seem as serious in comparison but, for example, camera surveillance is becoming increasingly ubiquitous, and we do not want the wrong people taking control of the cameras or accessing the video images. Although it would be easier to gain access to this than to critical functions in a train."

System interconnection increases vulnerability

One reason infotainment systems are particularly vulnerable is their myriad links to other systems. They interface with other trains to display current connecting trains and possible delays. They gather information from many sources and compile it so that it is of use to passengers.

"Here, we have a major advantage over companies in other industries," says Stefan. "We have worked with other types of safety and security issues for so many years that we have developed processes with superior functionality. Now, at a time when net-based security threats are growing, we are able to manage these comparably, within our existing systems. Essentially, the same questions need to be asked, even if the solutions are different."

Considering security early saves money

The most important lesson learned from many years of safety and security work is to think about safety from an early stage in development.

"Security is included at all stages during the development of new systems. Security always constitutes some form of compromise, but doing it this way enables us to make conscious choices. And, it becomes cheaper. Adding security features retroactively is often exorbitantly expensive. In practice, it can have to do with practical issues – like where to place various devices on the train. A modern locomotive is brimming with electronic control equipment and some systems are more sensitive than others. These are placed in the most secure areas possible, which makes it easier to do early on in the development process."

Notwithstanding their extensive experience, Bombardier selected Combitech to assist them in improving their security.

"They have helped us to implement IT security processes," explains Stefan. "This can be rather complex and it's valuable to have someone to back you up. It also lends extra weight when we say to our customers that we've had IT experts inspecting the systems. It assuages their concerns to a greater extent than if we say we did it ourselves."

Aiming for self-sufficiency

"In the long run, we'll be self-sufficient in this area as well. But, until then, I must admit that this has been a highly informative journey. I have personally learnt so much by discussing these issues with a third party who understands our situation, but who still has novel approaches."

Bombardier places great emphasis on having the correct approach from the very start, as their locomotive systems must, in many cases, have lifespans counted in decades. A great deal is taking place within safety and security at present.

"It's about designing systems which can be gradually upgraded in terms of security. It may involve embedding some elements deeper into the security architecture, or a design which enables the rapid reinforcement of access security in the form of several firewall layers, for example. Sometimes, it may be better to strengthen the surrounding protection instead of altering critical components."

In the future, Stefan may no longer be the only person sitting in a cinema shaking his head. He sees that interest in IT-related security issues is on the rise within the industry – and customers are no exception.

"It's a sign of the times. Now, we can jointly discuss which security level we desire and customers are willing to pay for IT security. This was not the case ten years ago."