New detection sensors can help railways cope with EM attacks

(1)

HAL Id: hal-01297680

https://hal.archives-ouvertes.fr/hal-01297680

Submitted on 11 Apr 2016

HAL is a multi-disciplinary open access

archive for the deposit and dissemination of

sci-entific research documents, whether they are

pub-lished or not. The documents may come from

teaching and research institutions in France or

abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est

destinée au dépôt et à la diffusion de documents

scientifiques de niveau recherche, publiés ou non,

émanant des établissements d’enseignement et de

recherche français ou étrangers, des laboratoires

publics ou privés.

New detection sensors can help railways cope with EM

attacks

Virginie Deniau

To cite this version:

Virginie Deniau. New detection sensors can help railways cope with EM attacks. Research EU- results

magazine, 2015, 4p. �hal-01297680�

(2)

New detection sensors can help railways cope with EM attacks

Virginie Deniau, coordinator of the SECRET project, discusses the devices developed by her team to identify electromagnetic (EM) attacks as they occur so that operators can switch to a safe railway mode.

Ele ve n ye ars ago the Madrid train bombings prove d how much Europe an railway s e curity s till ne e de d to be improve d. But now that rail e quipme nt — like in mos t othe r indus trie s — is incre as ingly s tandardis e d and conne cte d, anothe r, more ins idious type of offe ns ive has be come like ly: e le ctromagne tic (EM) attacks . An EU-funde d proje ct has de ve lope d de te ction te chnologie s that can he lp the s e ctor face this ne w thre at. Did you know that s oon, the re will be as many conne cte d de vice s as the re are humans on Earth? Five billion of the s e de vice s are now in us e and this numbe r is e xpe cte d to re ach 25 billion in 2020. Sure , e ach ne w type of conne cte d de vice brings us clos e r to the adve nt of s mart citie s and all of the ir fore s e e n be ne fits . But on the othe r hand, as re ce nt ne ws has s hown, it make s hacke rs and othe r te ch e nthus ias ts with bad inte ntions a growing thre at to s e curity.

In the Europe an railway s e ctor for ins tance , the homoge nis ation of ne twork te chnologie s and the incre as ing us e of wire le s s communications has made the s ce nario of an EM attack ve ry like ly. Communication jamme rs are e as y to us e and available for anyone to purchas e on the Inte rne t, which me ans that communications could pote ntially be jamme d, with trains be ing de laye d, blocke d or e ve n dive rte d.

To ge t the s e ctor re ady to face this ne w thre at, the SECRET (SECurity of Railways agains t Ele ctromagne tic aTtacks ) proje ct has de ve lope d a s e t of de te ction s e ns ors capable of ide ntifying EM attacks as the y occur, s o that rail e quipme nt ope rators can s witch the ne twork to a ‘s afe mode ’ immune to the s pe cific type of EM attack be ing us e d.

Virginie De niau, coordinator of SECRET, dis cus s e s the like lihood of the EM attack s ce nario, the de vice s de ve lope d by he r te am and how the s e ctor will s oon ne e d to adapt to this ne w re ality.

How like ly would you s ay is the EM attack s ce nario?

The de finition of an EM attack e volve s with the multitude of the applications bas e d on wire le s s communication te chnologie s . In the pas t, the EM attacks we re bas e d on the ge ne ration of high powe r inte ntional inte rfe re nce s

(Ele ctromagne tic puls e or high-powe r microwave s ) able to dis rupt or damage e le ctronic e quipme nt. Today, the functions of this e quipme nt can be trigge re d by a command or information trans mitte d by wire le s s links , which me ans it is now e as ie r to dis rupt the trans mitte d information and damage the e quipme nt. Such attacks re quire a le s s powe rful s ignal which can be ge ne rate d by mobile s and othe r dis cre te de vice s .

So, from a te chnological point of vie w, the like lihood of an attack incre as e s with the vulne rability of the infras tructure s . Howe ve r it is difficult to e s tablis h a cle ar probability be caus e today it is impos s ible to dis tinguis h a te chnical failure from an EM attack. EM attacks bas e d on re lative ly ‘low’ powe r s ignal involve dis ruptions but no pe rmane nt damage .

You me ntione d mobile de vice s . Doe s that me an anyone is virtually capable of conducting s uch attacks ?

The knowle dge of the targe t is e s s e ntial to de fine the me ans ne e de d to pe rform an EM attack. Nowadays public communication jamme rs can e as ily be bought on the public marke t but the ir powe r and action are limite d.

Now if we cons ide r profe s s ional or s e curity communication s e rvice s , s pe cific de vice s are ge ne rally re quire d for s uch attacks . The s e de vice s are us ually re s tricte d to the profe s s ional marke t or have to be de ve lope d from s cratch. While pos s ible , this re quire s a ce rtain le ve l of s kill and knowle dge .

Howe ve r, whe n the s e profe s s ional applications are s upporte d by public wire le s s s e rvice s , the y can be dis rupte d by common jamme rs . So the re is a re al is s ue coming up, and the s e curity and criticality of wire le s s s e rvice s have to be s e rious ly cons ide re d.

SECRET focus e s on railway s e curity. What could be the cons e que nce s of EM attacks in this s e ctor?

The main dire ct ris k is a pe rturbation of rail ne twork traffic. It may be pos s ible to pre ve nt the de parture of trains , force

© Virginie De niau

P age 1 o f 3

Research and Innovation

(3)

Related information

Projects

Programmes Countries

Subjects

Se curity - Trans port

train s tops and caus e s ignificant financial los s e s and unmanage able s ituations . Howe ve r, it is difficult to accurate ly as s e s s cas cading ris ks , as the y de pe nd on the characte ris tics of e ach railway ne twork (e xploitation, infras tructure , applications , e tc.).

Can you te ll us more about the tools you de ve lope d?

SECRET's vis ion is that if we are able to de te ct an EM attack with ce rtainty, we can imagine s witching to a s afe railway mode pe rfe ctly adapte d to the s ituation and allowing ope rators to re gain control. The challe nge is the re fore to de ve lop fas t and re liable de te ction s olutions . With this in mind s e ve ral s olutions have be e n s tudie d unde r SECRET. Some could be imple me nte d dire ctly within the communication te rminals and othe r would re quire de dicate d de vice s but offe r the advantage of be ing able to monitor multiple communication links .

In orde r to re ach re s ilie nce , our de te ction s e ns ors we re couple d with an acquis ition and de cis ion te rminal which was charge d with analys ing the output of the s e de te ction s e ns ors and commanding a re configurable te le communication platform. According to s e ns ors ’ output, the de cis ion te rminal dire cts the me s s age s to be trans mitte d towards the communication link that’s mos t re s ilie nt to the EM attack. Obvious ly, s uch an approach re quire s the de ployme nt of s e ve ral communication ne tworks .

Whe n do you e xpe ct SECRET’s te chnology to re ach the marke t?

Due to the mobility and the large s pe ctrum of e le ctromagne tic railway e nvironme nts , the robus tne s s and the total abs e nce of fault of the de te ction s olutions is difficult to de mons trate aboard a train. Howe ve r, whe n the train is not moving, SECRET te chnologie s can be re ally e fficie nt. So we can e nvis age re aching the marke t re lative ly quickly with the s e te chnologie s to prote ct train s tations or othe r critical infras tructure s .

In paralle l, SECRET’s te chnologie s can contribute to the e volution of te le communication s tandards e mploye d in critical infras tructure . Ins te ad of improving pe rformance in te rms of data rate , the s tandards can e volve to provide re al-time information about the quality of s e rvice s or the pre s e nce of jamming s ignals (inte ntional or uninte ntional). The y could the n provide re le vant diagnos tics and activate the ade quate inte rve ntion proce s s .

Europe an railways are alre ady unde r high e conomic and s e curity-re late d pre s s ure . Do you think the s e ctor can be ar the e xtra cos t which the imple me ntation of SECRET’s s olutions would involve ?

I think that with this growing thre at, it will be ne ce s s ary to guarante e the re s ilie nce of the railway ne twork agains t s uch attacks . Us ually wire le s s communication s ys te ms only re pre s e nt a s mall pe rce ntage of the budge t of a railway proje ct. Howe ve r the s e s ys te ms are e s s e ntial in ope rational and s e curity plans . EM attacks can have dramatic cons e que nce s in te rms of cos t, and if the y are e as y to imple me nt, the y can als o be come fre que nt malicious actions . So a s olution agains t EM attacks s hould be cons ide re d while balancing ris ks , impacts and inve s tme nts .

What are your plans now that the proje ct is clos e to its e nd?

We would like to te s t our analys is of EM attacks with othe r type s of attacks s uch as phys ical or othe r cybe rattacks . In fact, jamming attacks can e as ily be e mploye d in s upport of othe r malicious actions in orde r to avoid vide o or alarm trans mis s ions . As a cons e que nce , the ris ks analys e s have to take into account pote ntially couple d phys ical and

jamming attacks . We als o think that the de te ction archite cture for EM attacks propos e d in SECRET s hould be couple d with othe r monitoring tools for infras tructure in orde r ge t a be tte r gras p of what’s happe ning on the ne twork in re al time . For furthe r information, ple as e vis it:

SECRET

http://www.s e cre t-proje ct.e u/

Source: Inte rvie w from is s ue 44 of re s e arch*e u re s ults magazine , page 7.

SECRET - SECurity of Railways agains t Ele ctromagne tic aTtacks FP7-SECURITY

France

P age 2 o f 3

(4)

Last updat ed o n 2015-07-14

Cate gory: Inte rvie ws Provide r: EC

Ret rieved o n 2016-04-04

P age 3 o f 3