The second SAFETY4RAILS project workshop with the external experts of the advisory board was held on 15 March. SAFETY4RAILS aims to increase railway infrastructure resilience against combined cyber-physical threats, including natural hazards. To achieve this goal, the project will provide the railways with a set of tools addressing risk assessment, risk reduction, threat prevention, threat detection, stakeholder response to incidents and system recovery. By providing intelligence, the SAFETY4RAILS information system (S4RIS) platform will assist end users and enhance decision-making capabilities.
After almost six months of work, the consortium partners presented the work achieved regarding identification of needs and requirements from the end user’s perspective on the threat landscape, as well as specific requirements for standardisation and interoperability. Security experts from railway companies, authorities, EU agencies and ethical experts attended the meeting and exchanged their views on these initial results with the partners.
After a brief overview of the project by UIC, CEIS, which is leading this task, presented the main requirements identified and prioritised by the consortium end users with support from other project partners. The end users are RFI (Italy), ProRail (Netherlands), TCDD (Turkey) and FGC (Spain) for the railways; Metro de Madrid and EGO (Ankara metro) for metro operators; Comune di Milano; and UIC as the end user coordinator. Starting with the threat and risk landscape, more than 70 needs and requirements have been drafted and ranked by the partners. Among the high-level requirements, the following were highlighted:
- Improvement of communications (both internal and external to railways and metro organisations): need for automation, IT-based information and reporting systems,
- Ensuring security of systems: multifactor authentication, encryption process for passenger personal data, secure integration of connected services (including the digitalisation of legacy systems, etc.),
- Cooperation with authorities (exchange of information on incidents, etc.),
- Monitoring and detection (automation of online monitoring process, improvement of detection of weak signals, deployment of smart sensors, etc.).
RINA then focused on requirements derived from standards. Within the current EU legal framework and international standards in the field of security, the NIS EU Directive has been identified as the key legal text regulating security aspects for the railway sector. There are currently no mandatory security standards for the rail sector; however, non-mandatory standards and best practices have been analysed to ensure that S4RIS is consistent and aligns as much as possible with the most frequently adopted security standards, such as ISO 27001, IEC 62443 and ISO 27035.
Interoperability is a key component of the future S4RIS, and Fraunhofer EMI provided an overview of the interoperability of the S4RIS itself with the integration of 17+ different tools, as well as possible approaches to integrating S4RIS with end users’ legacy systems. The S4RIS GUI will be a web-based interface aimed at providing a single point of access to the tools integrated in the platform and at supporting end users’ operators.
Finally, the S4RIS concept architecture was presented by the Greek National Centre for Scientific Research, “Demokritos”. S4RIS tools can be classified into three main categories: real-time monitoring/infrastructure tools, simulation tools, and risk assessment and decision support tools. Within the S4RIS, these tools will interact through several information flows. The proposed architecture is divided into five layers: the source layer, information exchange layer, storage layer, data processing layer, and decision support/application layer. This architecture demonstrates how the different components of the S4RIS can be integrated.
The workshop was highly interactive, with numerous inputs and feedback on key requirements, such as the importance of securing the S4RIS platform itself in view of the fact that it will handle very sensitive information. The user interface for S4RIS was also discussed, and the semantic data model was highlighted as a key requirement to ensure tool integration from the user’s point of view.
The next workshop with the advisory board will be held at the end of April, focusing on a number of use cases and specific requirements for crisis management and communication to the public from a multimodal point of view. It will seek to ensure a smooth transition toward the further definition of scenarios to be tested later in the project.
SAFETY4RAILS can be followed on Twitter @Safety4R, as well as on LinkedIn (https://www.linkedin.com/company/safety4rails-eu-project/), and the project website is https://safety4rails.eu/