[SystemSafety] ERTMS Balise security vulnerabilities

Brent Kimberley brent_kimberley at rogers.com
Thu Jul 2 18:57:33 CEST 2015


Would monitoring trackside performance and configuration reduce or increase risk?  

(i.e. There could be an uncertainty principle at work.)

--------------------------------------------
On Wed, 7/1/15, Chris Johnson <christopher.johnson at glasgow.ac.uk> wrote:

 Subject: Re: [SystemSafety] ERTMS Balise security vulnerabilities
 To: "Peter Bishop" <pgb at adelard.com>
 Cc: "<systemsafety at lists.techfak.uni-bielefeld.de>" <systemsafety at lists.techfak.uni-bielefeld.de>
 Date: Wednesday, July 1, 2015, 11:58 AM
 
 This
 won't help much but the risk apportionment for trackside
 and vehicle are available in the relevant Unisig subsets
 dealing with the different levels of implementation but
 unsurprisingly security threats are explicitly
 excludedAll the
 bestChris
 Sent from my
 iPhone
 On 1 Jul
 2015, at 16:48, Peter Bishop <pgb at adelard.com>
 wrote:
 
 I don't know of
 any quantitative analyses.
 
 The problem is that threats are so variable.
 
 It is easier to postulate specific attacks and the
 capability level needed to implement them (e.g. from nation
 state downwards).
 On 1 Jul 2015 09:48,
 "paul cleary" <clearmeist at hotmail.com>
 wrote:
 Thanks
 a lot Peter,
 I've
 come across this report in the past. It's high level and
 draws attention to the risk of balise security, but
 doesn't consider actual threat scenarios or consider
 probabilities of risk that's given threats could
 occur. 
 With that in
 mind I was keen to find reports detailing qualitative and
 quantitative analysis of threats to the balise, balise tool
 and communication across the air gap. 
 For eg assessing the likely threats
 and probabilities of Hacking into the Balise Programing Tool
 or which communicates with the balise across the air gap or
 by intercepting/inserting packets passing across the air gap
 remotely 
 
 Paul Cleary  BSc MSc CEng MIRSE E: pclearyrail at gmail.comM: +66(0)406158643 
 On Jul 1, 2015, at 7:43 AM, Peter Bishop <pgb at adelard.com>
 wrote:
 
 You could take a look at
 this.
 
 http://openaccess.city.ac.uk/1522/1/How%20secure%20is%20ERTMS.pdf
 
 
 Peter Bishop
 
 
 On 27 June 2015 at 11:12,
 Paul Work <pclearyrail at gmail.com>
 wrote:
 Hi,
 Does anybody know of research into
 security vulnerabilities for ERTMS Balise, including any
 quantitative assessment of risks, such as acquisition of
 proprietary tools used to interface with Balise
 
 Paul Cleary  BSc MSc CEng MIRSE E: pclearyrail at gmail.comM: +66(0)406158643 
 _______________________________________________
 
 The System Safety Mailing List
 
 systemsafety at TechFak.Uni-Bielefeld.DE
 
 
 
 
 
 -- 
 
 Peter Bishop
 Chief Scientist
 Adelard LLP
 Exmouth House, 3-11
 Pine Street, London,EC1R 0JH 
 http://www.adelard.com
 Recep:  +44-(0)20-7832 5850
 Direct:
 +44-(0)20-7832 5855
 
 
 _______________________________________________
 The System Safety Mailing List
 systemsafety at TechFak.Uni-Bielefeld.DE
 
 _______________________________________________
 The System Safety Mailing List
 systemsafety at TechFak.Uni-Bielefeld.DE
 
 -----Inline Attachment Follows-----
 
 _______________________________________________
 The System Safety Mailing List
 systemsafety at TechFak.Uni-Bielefeld.DE
 


More information about the systemsafety mailing list