{"title":"Cyber security of railway cyber-physical system (CPS) – A risk management methodology","authors":"Zezhou Wang, Xiang Liu","doi":"10.1016/j.commtr.2022.100078","DOIUrl":null,"url":null,"abstract":"<div><p>Along with the increasing application of different cyber-physical systems (CPSs) to connect various components in the rail industry, rising connectivity through communication technologies has also introduced cyber threats against rail-CPSs, causing failures with huge consequences. Implementations of rail-CPSs demand proactive identification, clear-cut definition, and proper handling of their cyber security risks. In this paper, we formulate a risk management methodology for cyber security in rail-CPSs and conduct a retrospective case study on the Advanced Train Control System (ATCS) that has been deployed in many U.S. freight railways. The methodology provides two alternative approaches to fill knowledge gaps in contingency preparation, threat prevention, consequence analysis, and security risk mitigation. In the case study, we demonstrate two cyber threats of ATCS, using attack sequence modeling and consequence analysis, and provide recommendations for risk mitigation. By practicing the methodology with the case study, this work can be used as a general reference to conduct cyber risk management and cyber-robustness evaluations for other existing systems.</p></div>","PeriodicalId":100292,"journal":{"name":"Communications in Transportation Research","volume":"2 ","pages":"Article 100078"},"PeriodicalIF":12.5000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2772424722000282/pdfft?md5=cc9b39dcabf623bd5f32f3e511686205&pid=1-s2.0-S2772424722000282-main.pdf","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Communications in Transportation Research","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2772424722000282","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TRANSPORTATION","Score":null,"Total":0}
引用次数: 11
Abstract
Along with the increasing application of different cyber-physical systems (CPSs) to connect various components in the rail industry, rising connectivity through communication technologies has also introduced cyber threats against rail-CPSs, causing failures with huge consequences. Implementations of rail-CPSs demand proactive identification, clear-cut definition, and proper handling of their cyber security risks. In this paper, we formulate a risk management methodology for cyber security in rail-CPSs and conduct a retrospective case study on the Advanced Train Control System (ATCS) that has been deployed in many U.S. freight railways. The methodology provides two alternative approaches to fill knowledge gaps in contingency preparation, threat prevention, consequence analysis, and security risk mitigation. In the case study, we demonstrate two cyber threats of ATCS, using attack sequence modeling and consequence analysis, and provide recommendations for risk mitigation. By practicing the methodology with the case study, this work can be used as a general reference to conduct cyber risk management and cyber-robustness evaluations for other existing systems.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
