Litcius/Paper detail

Cyber security of railway cyber-physical system (CPS) – A risk management methodology

Zezhou Wang, Xiang Liu

2022Communications in Transportation Research42 citationsDOIOpen Access PDF

Abstract

Along with the increasing application of different cyber-physical systems (CPSs) to connect various components in the rail industry, rising connectivity through communication technologies has also introduced cyber threats against rail-CPSs, causing failures with huge consequences. Implementations of rail-CPSs demand proactive identification, clear-cut definition, and proper handling of their cyber security risks. In this paper, we formulate a risk management methodology for cyber security in rail-CPSs and conduct a retrospective case study on the Advanced Train Control System (ATCS) that has been deployed in many U.S. freight railways. The methodology provides two alternative approaches to fill knowledge gaps in contingency preparation, threat prevention, consequence analysis, and security risk mitigation. In the case study, we demonstrate two cyber threats of ATCS, using attack sequence modeling and consequence analysis, and provide recommendations for risk mitigation. By practicing the methodology with the case study, this work can be used as a general reference to conduct cyber risk management and cyber-robustness evaluations for other existing systems.

Topics & Concepts

Cyber-physical systemComputer securityRisk analysis (engineering)Risk managementCyber-attackContingencyCritical infrastructureImplementationRobustness (evolution)Computer scienceContingency planIdentification (biology)Critical infrastructure protectionCyber threatsWork (physics)Security controlsControl (management)EngineeringBusinessBiologyBotanyPhilosophyLinguisticsArtificial intelligenceChemistryBiochemistryGeneOperating systemMechanical engineeringFinanceProgramming languageInformation and Cyber SecurityCybersecurity and Cyber Warfare StudiesSmart Grid Security and Resilience