[SystemSafety] ERTMS Balise security vulnerabilities

Chris Johnson christopher.johnson at glasgow.ac.uk
Wed Jul 1 17:58:06 CEST 2015 

This won't help much but the risk apportionment for trackside and vehicle are available in the relevant Unisig subsets dealing with the different levels of implementation but unsurprisingly security threats are explicitly excluded
All the best
Chris

Sent from my iPhone

> On 1 Jul 2015, at 16:48, Peter Bishop <pgb at adelard.com> wrote:
> 
> I don't know of any quantitative analyses.
> The problem is that threats are so variable.
> It is easier to postulate specific attacks and the capability level needed to implement them (e.g. from nation state downwards).
> 
>> On 1 Jul 2015 09:48, "paul cleary" <clearmeist at hotmail.com> wrote:
>> Thanks a lot Peter,
>> 
>> I've come across this report in the past. It's high level and draws attention to the risk of balise security, but doesn't consider actual threat scenarios or consider probabilities of risk that's given threats could occur. 
>> 
>> With that in mind I was keen to find reports detailing qualitative and quantitative analysis of threats to the balise, balise tool and communication across the air gap. 
>> 
>> For eg assessing the likely threats and probabilities of Hacking into the Balise Programing Tool or which communicates with the balise across the air gap or by intercepting/inserting packets passing across the air gap remotely 
>> 
>> Paul Cleary  BSc MSc CEng MIRSE
>>  
>> E: pclearyrail at gmail.com
>> M: +66(0)406158643
>>  
>> 
>>> On Jul 1, 2015, at 7:43 AM, Peter Bishop <pgb at adelard.com> wrote:
>>> 
>>> You could take a look at this.
>>> 
>>> http://openaccess.city.ac.uk/1522/1/How%20secure%20is%20ERTMS.pdf
>>> 
>>> 
>>> Peter Bishop
>>> 
>>> 
>>>> On 27 June 2015 at 11:12, Paul Work <pclearyrail at gmail.com> wrote:
>>>> Hi,
>>>> 
>>>> Does anybody know of research into security vulnerabilities for ERTMS Balise, including any quantitative assessment of risks, such as acquisition of proprietary tools used to interface with Balise
>>>> 
>>>> Paul Cleary  BSc MSc CEng MIRSE
>>>>  
>>>> E: pclearyrail at gmail.com
>>>> M: +66(0)406158643
>>>>  
>>>> 
>>>> _______________________________________________
>>>> The System Safety Mailing List
>>>> systemsafety at TechFak.Uni-Bielefeld.DE
>>> 
>>> 
>>> 
>>> -- 
>>> 
>>> Peter Bishop
>>> Chief Scientist
>>> Adelard LLP
>>> Exmouth House, 3-11 Pine Street, London,EC1R 0JH 
>>> http://www.adelard.com
>>> Recep:  +44-(0)20-7832 5850
>>> Direct: +44-(0)20-7832 5855
>>> _______________________________________________
>>> The System Safety Mailing List
>>> systemsafety at TechFak.Uni-Bielefeld.DE
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150701/baecefca/attachment.html>

More information about the systemsafety mailing list