[SystemSafety] ERTMS Balise security vulnerabilities
Brent Kimberley
brent_kimberley at rogers.com
Thu Jul 2 18:57:33 CEST 2015
Would monitoring trackside performance and configuration reduce or increase risk?
(i.e. There could be an uncertainty principle at work.)
--------------------------------------------
On Wed, 7/1/15, Chris Johnson <christopher.johnson at glasgow.ac.uk> wrote:
Subject: Re: [SystemSafety] ERTMS Balise security vulnerabilities
To: "Peter Bishop" <pgb at adelard.com>
Cc: "<systemsafety at lists.techfak.uni-bielefeld.de>" <systemsafety at lists.techfak.uni-bielefeld.de>
Date: Wednesday, July 1, 2015, 11:58 AM
This
won't help much but the risk apportionment for trackside
and vehicle are available in the relevant Unisig subsets
dealing with the different levels of implementation but
unsurprisingly security threats are explicitly
excludedAll the
bestChris
Sent from my
iPhone
On 1 Jul
2015, at 16:48, Peter Bishop <pgb at adelard.com>
wrote:
I don't know of
any quantitative analyses.
The problem is that threats are so variable.
It is easier to postulate specific attacks and the
capability level needed to implement them (e.g. from nation
state downwards).
On 1 Jul 2015 09:48,
"paul cleary" <clearmeist at hotmail.com>
wrote:
Thanks
a lot Peter,
I've
come across this report in the past. It's high level and
draws attention to the risk of balise security, but
doesn't consider actual threat scenarios or consider
probabilities of risk that's given threats could
occur.
With that in
mind I was keen to find reports detailing qualitative and
quantitative analysis of threats to the balise, balise tool
and communication across the air gap.
For eg assessing the likely threats
and probabilities of Hacking into the Balise Programing Tool
or which communicates with the balise across the air gap or
by intercepting/inserting packets passing across the air gap
remotely
Paul Cleary BSc MSc CEng MIRSE E: pclearyrail at gmail.comM: +66(0)406158643
On Jul 1, 2015, at 7:43 AM, Peter Bishop <pgb at adelard.com>
wrote:
You could take a look at
this.
http://openaccess.city.ac.uk/1522/1/How%20secure%20is%20ERTMS.pdf
Peter Bishop
On 27 June 2015 at 11:12,
Paul Work <pclearyrail at gmail.com>
wrote:
Hi,
Does anybody know of research into
security vulnerabilities for ERTMS Balise, including any
quantitative assessment of risks, such as acquisition of
proprietary tools used to interface with Balise
Paul Cleary BSc MSc CEng MIRSE E: pclearyrail at gmail.comM: +66(0)406158643
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
--
Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11
Pine Street, London,EC1R 0JH
http://www.adelard.com
Recep: +44-(0)20-7832 5850
Direct:
+44-(0)20-7832 5855
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
-----Inline Attachment Follows-----
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
More information about the systemsafety
mailing list