Cybersecurity for eMaintenance in railway infrastructure: risks and consequences

Recently, due to the advancements in the Information and Communication Technology, there has been lot of emphasis on digitization of the existing and newly developed infrastructure. In transportation infrastructure, in general, 80% of the assets are already in place and there has been tremendous push to move to the digital era. For efficient and effective design, construction, operation and maintenance of the infrastructure, due to this digitization, there is increasing research trend in data-driven decision-making algorithms that are proved to be effective because of several advantages. Since railway is the backbone of the society, the data-driven approaches will ensure the continuous operation, efficient maintenance, planning and potential future investments. The breach and leak of this potential data to the wrong hands might result in havoc, risk, trust, hazards and serious consequences. Hence, the main purpose of this paper is to stress the potential challenges, consequences, threats, vulnerabilities and risk management of data security in the railway infrastructure in context of eMaintenance. In addition, this paper also identifies the research methods to obtain and secure this data for potential possible research.

[1]  P. Vishvapathi,et al.  Privacy-Preserving Multi-keyword Ranked Search over Encrypted Cloud Data , 2022 .

[2]  Richard Kissel,et al.  Glossary of Key Information Security Terms , 2014 .

[3]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[4]  Ramin Karim A service-oriented approach to e-maintenance of complex technical systems , 2008 .

[5]  Anna Nagurney,et al.  A supply chain network game theory model of cybersecurity investments with nonlinear budget constraints , 2016, Annals of Operations Research.

[6]  James H. Graham,et al.  A New Approach to Cyberphysical Security in Industry 4.0 , 2017 .

[7]  Steffonn Chan SECUR-ED: SECURED URBAN TRANSPORTATION – EUROPEAN DEMONSTRATION , 2012 .

[8]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[9]  Dean N. Williams,et al.  Data-Intensive Science in the US DOE: Case Studies and Future Challenges , 2011, Computing in Science & Engineering.

[10]  Dawn M. Cappelli,et al.  The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes , 2012 .

[11]  Ramin Karim,et al.  An enterprise risk management framework for evaluation of eMaintenance , 2010, Int. J. Syst. Assur. Eng. Manag..

[12]  Virginie Deniau,et al.  Security of railways against electromagnetic attacks , 2013 .

[13]  Ravi S. Sandhu,et al.  Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management , 1997, DBSec.

[14]  Francesco Flammini,et al.  Ensuring cyber-security in smart railway surveillance with SHIELD , 2017 .

[15]  C. Levy-Bencheton,et al.  Cyber security and resilience of intelligent public transport: good practices and recommendations , 2015 .

[16]  Subhajyoti Bandyopadhyay,et al.  Cloud Computing - The Business Perspective , 2011, 2011 44th Hawaii International Conference on System Sciences.

[17]  Keith Willett Information Assurance Architecture , 2008 .

[18]  W. Keith Edwards,et al.  Policies and roles in collaborative applications , 1996, CSCW '96.

[19]  Christophe Gransart,et al.  Cyber Security for Railways - A Huge Challenge - Shift2Rail Perspective , 2017, Nets4Cars/Nets4Trains/Nets4Aircraft.

[20]  Waldemar Nowakowski,et al.  Performance analysis of data security algorithms used in the railway traffic control systems , 2017, 2017 International Conference on Information and Digital Technologies (IDT).

[21]  N. B. Anuar,et al.  The rise of "big data" on cloud computing: Review and open research issues , 2015, Inf. Syst..

[22]  Nāgārjuna,et al.  A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding , 2014 .

[23]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[24]  Avita Katal,et al.  Big data: Issues, challenges, tools and Good practices , 2013, 2013 Sixth International Conference on Contemporary Computing (IC3).

[25]  Hongguo Shi Railway Information Sharing Platform Security Requirements Analysis , 2014 .

[26]  Ayman I. Kayssi,et al.  Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[27]  Trent Jaeger,et al.  Proceedings of the sixth ACM symposium on Access control models and technologies , 2001 .

[28]  Andrey V. Chernov,et al.  Security incident detection technique for multilevel intelligent control systems on railway transport in Russia , 2015, 2015 23rd Telecommunications Forum Telfor (TELFOR).

[29]  Adrian Bullock SPACE: SPatial Access Control for collaborative virtual Environments , 1999 .

[30]  Stanley G. Siegel,et al.  Enterprise Cybersecurity , 2015, Apress.

[31]  Sushil Jajodia,et al.  A propositional policy algebra for access control , 2003, TSEC.

[32]  M. D. Bastow,et al.  Cyber security of the railway signalling & control system , 2014 .

[33]  Robert J. Stroud,et al.  The Risk Assessment of ERTMS-Based Railway Systems from a Cyber Security Perspective: Methodology and Lessons Learned , 2016, RSSRail.

[34]  Jinjun Chen,et al.  A Privacy Leakage Upper Bound Constraint-Based Approach for Cost-Effective Privacy Preserving of Intermediate Data Sets in Cloud , 2013, IEEE Transactions on Parallel and Distributed Systems.

[35]  Roshan K. Thomas,et al.  Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments , 1997, RBAC '97.

[36]  日本規格協会 情報技術-セキュリティ技術-情報セキュリティマネジメントシステム-要求事項 : 国際規格ISO/IEC 27001 = Information technology-Security techniques-Information security management systems-Requirements : ISO/IEC 27001 , 2005 .

[37]  Seng-Phil Hong,et al.  Access control in collaborative systems , 2005, CSUR.

[38]  Jaideep Srivastava,et al.  Managing Cyber Threats: Issues, Approaches, and Challenges (Massive Computing) , 2005 .

[39]  Matthew Smith,et al.  Big data privacy issues in public social media , 2012, 2012 6th IEEE International Conference on Digital Ecosystems and Technologies (DEST).

[40]  Matt Bishop Introduction to Computer Security , 2004 .

[41]  Emilio González Viosca,et al.  CARONTE project: Creating an Agenda for Research on Transportation Security , 2016 .

[42]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[43]  Subhajyoti Bandyopadhyay,et al.  Cloud computing - The business perspective , 2011, Decis. Support Syst..

[44]  George Kostopoulos Cyberspace and Cybersecurity , 2012 .

[45]  Eric A. Fischer Cybersecurity Issues and Challenges: In Brief , 2014 .