Re: [SystemSafety] ERTMS Balise security vulnerabilities

From: Peter Bishop < >
Date: Wed, 1 Jul 2015 16:48:16 +0100


I don't know of any quantitative analyses. The problem is that threats are so variable. It is easier to postulate specific attacks and the capability level needed to implement them (e.g. from nation state downwards). On 1 Jul 2015 09:48, "paul cleary" <clearmeist_at_xxxxxx

> Thanks a lot Peter,
>
> I've come across this report in the past. It's high level and draws
> attention to the risk of balise security, but doesn't consider actual
> threat scenarios or consider probabilities of risk that's given threats
> could occur.
>
> With that in mind I was keen to find reports detailing qualitative and
> quantitative analysis of threats to the balise, balise tool and
> communication across the air gap.
>
> For eg assessing the likely threats and probabilities of Hacking into the
> Balise Programing Tool or which communicates with the balise across the air
> gap or by intercepting/inserting packets passing across the air gap
> remotely
>
> *Paul Cleary * BSc MSc CEng MIRSE
>
>
>
> E: pclearyrail_at_xxxxxx >
> M: + <+44%20(0)7860%20861979>66(0)406158643
>
>
>
> On Jul 1, 2015, at 7:43 AM, Peter Bishop <pgb_at_xxxxxx >
> You could take a look at this.
>
> http://openaccess.city.ac.uk/1522/1/How%20secure%20is%20ERTMS.pdf
>
>
> Peter Bishop
>
>
> On 27 June 2015 at 11:12, Paul Work <pclearyrail_at_xxxxxx >
>> Hi,
>>
>> Does anybody know of research into security vulnerabilities for ERTMS
>> Balise, including any quantitative assessment of risks, such as acquisition
>> of proprietary tools used to interface with Balise
>>
>> *Paul Cleary * BSc MSc CEng MIRSE
>>
>>
>>
>> E: pclearyrail_at_xxxxxx >>
>> M: + <+44%20(0)7860%20861979>66(0)406158643
>>
>>
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety_at_xxxxxx >>
>>
>
>
> --
>
> Peter Bishop
> Chief Scientist
> Adelard LLP
> Exmouth House, 3-11 Pine Street, London,EC1R 0JH
> http://www.adelard.com
> Recep: +44-(0)20-7832 5850
> Direct: +44-(0)20-7832 5855
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >
>



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Jul 01 2015 - 17:48:28 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 25 2019 - 13:17:07 CEST