Head Shift2Rail cyber security project
On the way of a common and integrated cybersecurity approach dedicated to Railway
Railway systems, as with most Industrial Control Systems (ICS), have been considered immune to cyber security threats and attacks for years. Nevertheless, the increase in the use of interconnected and digitalized assets in the railway sector and the parallel increase of cyber-crime targeting ICS have driven the need for a defined and coordinated approach to security assessment in order to deliver cyber-secure infrastructure and solutions in the railway industry.
In this paper, the holistic cyber security approach proposed by the Shift2Rail project is described. A security assessment process is suggested for the railway industry that will deliver secure solutions and processes that are consistent and encompass the needs of asset owners, system integrators and product suppliers.
The assessment process takes into consideration the security requirements, with direct reference to international standards such as IEC 6244. Through identification of the current threat landscape, a common risk-based approach can be defined which will develop and inform the security models, protection profiles and maturity levels for the lifecycle of assets.
Francois Hausman has 18 years of experience in railway signalling at Alstom, where he had the opportunity to lead, for 8 years, the technical design, development and validation of the ERTMS trackside solutions.
He is currently Mainline Cyber Security manager for Alstom, in charge of the definition of the cyber security policies, processes, strategies and solutions for the Alstom mainline portfolios. Since 2015, he has been leading the Shift2Rail work package dedicated to the definition of common approaches and solutions for railway cyber security. For 2 years, he has been a representative in the CENELEC working groups dedicated to railway cyber security for the Belgium Electronic Committee. Since 2008, he has been leader of the work package dedicated to the definition of the interoperable technical solutions for the distribution of credential information.