Re: [SystemSafety] ERTMS Balise security vulnerabilities

From: Chris Johnson < >
Date: Wed, 1 Jul 2015 16:58:06 +0100


This won't help much but the risk apportionment for trackside and vehicle are available in the relevant Unisig subsets dealing with the different levels of implementation but unsurprisingly security threats are explicitly excluded All the best
Chris

Sent from my iPhone

> On 1 Jul 2015, at 16:48, Peter Bishop <pgb_at_xxxxxx
> 
> I don't know of any quantitative analyses.
> The problem is that threats are so variable.
> It is easier to postulate specific attacks and the capability level needed to implement them (e.g. from nation state downwards).
> 
>> On 1 Jul 2015 09:48, "paul cleary" <clearmeist_at_xxxxxx
>> Thanks a lot Peter,
>> 
>> I've come across this report in the past. It's high level and draws attention to the risk of balise security, but doesn't consider actual threat scenarios or consider probabilities of risk that's given threats could occur. 
>> 
>> With that in mind I was keen to find reports detailing qualitative and quantitative analysis of threats to the balise, balise tool and communication across the air gap. 
>> 
>> For eg assessing the likely threats and probabilities of Hacking into the Balise Programing Tool or which communicates with the balise across the air gap or by intercepting/inserting packets passing across the air gap remotely 
>> 
>> Paul Cleary  BSc MSc CEng MIRSE
>>  
>> E: pclearyrail_at_xxxxxx
>> M: +66(0)406158643
>>  
>> 

>>> On Jul 1, 2015, at 7:43 AM, Peter Bishop <pgb_at_xxxxxx >>>
>>> You could take a look at this.
>>>
>>> http://openaccess.city.ac.uk/1522/1/How%20secure%20is%20ERTMS.pdf
>>>
>>>
>>> Peter Bishop
>>>
>>>
>>>> On 27 June 2015 at 11:12, Paul Work <pclearyrail_at_xxxxxx
>>>> Hi,
>>>> 
>>>> Does anybody know of research into security vulnerabilities for ERTMS Balise, including any quantitative assessment of risks, such as acquisition of proprietary tools used to interface with Balise
>>>> 
>>>> Paul Cleary  BSc MSc CEng MIRSE
>>>>  
>>>> E: pclearyrail_at_xxxxxx
>>>> M: +66(0)406158643
>>>>  
>>>> 
>>>> _______________________________________________
>>>> The System Safety Mailing List
>>>> systemsafety_at_xxxxxx

>>>
>>>
>>>
>>> --
>>>
>>> Peter Bishop
>>> Chief Scientist
>>> Adelard LLP
>>> Exmouth House, 3-11 Pine Street, London,EC1R 0JH
>>> http://www.adelard.com
>>> Recep: +44-(0)20-7832 5850
>>> Direct: +44-(0)20-7832 5855
>>> _______________________________________________
>>> The System Safety Mailing List
>>> systemsafety_at_xxxxxx
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx


The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Jul 01 2015 - 17:58:16 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST