SECRET addresses the protection of railway infrastructure against EM attacks. Railway infrastructure is an attractive target for EM attacks, because of its familiarity and ease of access, with extended economic and security consequences.
Today, the European rail network is evolving to harmonize the management system. This is reflected by new integrated technologies, adequate procedures and centralization of command centres. The new technologies facilitate the implementation of a harmonized system and improve the network competitiveness. However, they are also highly vulnerable to EM attacks (HPM and EMP). Railway actors fear this growing EM vulnerability and have no knowledge on the extent and severity of consequences.
The risk of EM attacks is also increasing due to the higher use of interoperable systems (command/control, information systems). The harmonization of the European railway network results in a harmonized EM vulnerability. Thus, a device to generate EM attacks will have the same impact anywhere in Europe, facilitating the implementation of simultaneous EM attacks.
Meanwhile, with the proliferation of wireless systems, access to radiated emission equipment is radically democratized, which facilitates the manufacture of EM interference transmitters able to disturb the technologies used for management of the railway network.
- identify the vulnerability points at different levels (from the electronic to the systemic vision)
- identify EM attack scenarios and risk assessment (service degradation, potential accidents, economic impacts…)
- identify public equipment which can be used to generate EM attacks
- develop protection rules to strengthen the infrastructure (at electronic, architecture and systemic levels)
- develop EM attack detection devices and processes
- develop resilient architecture able to adequately react in case of EM attack detection
- extract recommendations to ensure resiliency and contribute to standards
Improving railway security
Standardised European rail equipment makes it easy to attack the network. A European study assessed likely forms of electromagnetic (EM) attack, and is devising protective solutions involving reliable communications architecture and a management system.
The homogenisation of European rail network technologies brings many advantages, yet also introduces security risks. EM equipment able to affect one part of the system can easily affect another, especially considering that Europe's railways only adapt public technologies.
With EU funding, the 'Security of railways against electromagnetic attacks' (SECRET) project investigated the impact of EM attacks on European rail networks. Comprised of an 11-member consortium, the project's objectives include threat assessment, technical protection and policy recommendations. The initiative will conclude in August 2015, after three years of operation.
The project considered how to proceed with a risk analysis of rail network technologies and threat assessment. Research identified the three most probable classes of attack. Two were possible but technically difficult, leaving the most credible threat as the jamming of information transmitted between system components. Publicly detailing such threats makes implementing them easier; therefore, a 'use case' lacking sensitive information has been defined to test various solutions.
Laboratory testing characterised the signals produced by jamming devices and assessed the vulnerability of receiver equipment. Similar measurements were performed along the tracks, as well as inside train carriages and stations. Data were collected showing the effect of separated two-part EM attack devices.
The team has proposed a protection solution that combines robust communications architecture with an attack management sub-system. Testing will commence in a future phase of the project.
SECRET has thus far defined possible security threats to European rail systems, and is on the path to offering practical solutions. The research has also showed how attacks might work in practice.