Re: [SystemSafety] ERTMS Balise security vulnerabilities

From: Brent Kimberley < >
Date: Thu, 2 Jul 2015 09:57:33 -0700


Would monitoring trackside performance and configuration reduce or increase risk?

(i.e. There could be an uncertainty principle at work.)



On Wed, 7/1/15, Chris Johnson <christopher.johnson_at_xxxxxx

 Subject: Re: [SystemSafety] ERTMS Balise security vulnerabilities  To: "Peter Bishop" <pgb_at_xxxxxx  Date: Wednesday, July 1, 2015, 11:58 AM  

 This
 won't help much but the risk apportionment for trackside  and vehicle are available in the relevant Unisig subsets  dealing with the different levels of implementation but  unsurprisingly security threats are explicitly  excludedAll the
 bestChris
 Sent from my
 iPhone
 On 1 Jul
 2015, at 16:48, Peter Bishop <pgb_at_xxxxxx  wrote:  

 I don't know of
 any quantitative analyses.  

 The problem is that threats are so variable.  

 It is easier to postulate specific attacks and the  capability level needed to implement them (e.g. from nation  state downwards).
 On 1 Jul 2015 09:48,
 "paul cleary" <clearmeist_at_xxxxxx  wrote:
 Thanks
 a lot Peter,
 I've
 come across this report in the past. It's high level and  draws attention to the risk of balise security, but  doesn't consider actual threat scenarios or consider  probabilities of risk that's given threats could  occur. 
 With that in
 mind I was keen to find reports detailing qualitative and  quantitative analysis of threats to the balise, balise tool  and communication across the air gap. 
 For eg assessing the likely threats
 and probabilities of Hacking into the Balise Programing Tool  or which communicates with the balise across the air gap or  by intercepting/inserting packets passing across the air gap  remotely   

 Paul Cleary  BSc MSc CEng MIRSE E: pclearyrail_at_xxxxxx  On Jul 1, 2015, at 7:43 AM, Peter Bishop <pgb_at_xxxxxx  wrote:  

 You could take a look at
 this.  

 http://openaccess.city.ac.uk/1522/1/How%20secure%20is%20ERTMS.pdf    

 Peter Bishop    

 On 27 June 2015 at 11:12,
 Paul Work <pclearyrail_at_xxxxxx
 wrote:
 Hi,
 Does anybody know of research into
 security vulnerabilities for ERTMS Balise, including any  quantitative assessment of risks, such as acquisition of  proprietary tools used to interface with Balise  

 Paul Cleary  BSc MSc CEng MIRSE E: pclearyrail_at_xxxxxx


 

 The System Safety Mailing List  

 systemsafety_at_xxxxxx          

 --  

 Peter Bishop
 Chief Scientist
 Adelard LLP
 Exmouth House, 3-11
 Pine Street, London,EC1R 0JH
 http://www.adelard.com
 Recep:  +44-(0)20-7832 5850
 Direct:
 +44-(0)20-7832 5855    



 The System Safety Mailing List
 systemsafety_at_xxxxxx  

 The System Safety Mailing List
 systemsafety_at_xxxxxx  

 -----Inline Attachment Follows-----  



 The System Safety Mailing List
 systemsafety_at_xxxxxx  

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Thu Jul 02 2015 - 18:57:47 CEST

This archive was generated by hypermail 2.3.0 : Mon Apr 22 2019 - 19:17:08 CEST