Cybersecurity for railways
A maturity model
Document identifier: oai:DiVA.org:ltu-76428
Access full text here: 10.1177/0954409719881849
Keywords: Engineering and Technology; Civil Engineering; Other Civil Engineering; Cybersecurity; Maturity level; Railway-Cybersecurity Capability Maturity Model; Railway organizations; Cybersecurity Capability Maturity Model; Operation and Maintenance
Publication year: 2020
Abstract: With the advancements in and widespread adoption of information and communication technologies in infrastructures, cyber-attacks are becoming more frequent and more severe. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. Cyber-attacks are also increasing in railways with an impact on railway stakeholders, e.g. threat to the safety of employees, passengers, or the public in general; loss of sensitive railway information; reputational damage; monetary loss; erroneous decisions; loss of dependability, etc. There is a need to move towards advanced security analytics and automation to identify, respond to, and prevent such security breaches. The objective of this research is to reduce cyber risks and vulnerabilities and to improve the cybersecurity capabilities of railways by evaluating their cybersecurity maturity levels and making recommendations for improvements. After assessing various cybersecurity maturity models, the Cybersecurity Capability Maturity Model (C2M2) was selected to assess the cybersecurity capabilities of railway organizations. The contributions of this research are as follows. First, a new maturity level MIL4 (Maturity Indicator Level 4) is introduced in the C2M2 model. Second, the C2M2 model is adapted by adding advanced security analytics and threat intelligence to develop the Railway-Cybersecurity Capability Maturity Model (R-C2M2). The cybersecurity maturity of three railway organizations is evaluated using this model. Third, recommendations and available standards & guidelines are provided to the three railway organizations to improve maturity levels within different domains. In addition, they are given an action plan to implement the recommendations in a streamlined way.
The application of this model will allow railway organizations to improve their capability to reduce the impacts of cyber-attacks and eradicate vulnerabilities. The approach can also be extended to other infrastructures with necessary adaptations.
Authors
Ravdeep Kour
Luleå tekniska universitet; Drift, underhåll och akustik
Ramin Karim
Luleå tekniska universitet; Drift, underhåll och akustik
Adithya Thaduri
Luleå tekniska universitet; Drift, underhåll och akustik
Record metadata
header:
identifier: oai:DiVA.org:ltu-76428
datestamp: 2021-04-19T12:49:12Z
setSpec: SwePub-ltu
metadata:
mods:
@attributes:
version: 3.7
recordInfo:
recordContentSource: ltu
recordCreationDate: 2019-10-18
identifier:
http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-76428
10.1177/0954409719881849
2-s2.0-85074776546
titleInfo:
@attributes:
lang: eng
title: Cybersecurity for railways
subTitle: A maturity model
subject:
@attributes:
lang: eng
authority: uka.se
topic:
Engineering and Technology
Civil Engineering
Other Civil Engineering
@attributes:
lang: swe
authority: uka.se
topic:
Teknik och teknologier
Samhällsbyggnadsteknik
Annan samhällsbyggnadsteknik
@attributes:
lang: eng
topic: Cybersecurity
@attributes:
lang: eng
topic: maturity level
@attributes:
lang: eng
topic: Railway-Cybersecurity Capability Maturity Model
@attributes:
lang: eng
topic: railway organizations
@attributes:
lang: eng
topic: Cybersecurity Capability Maturity Model
@attributes:
lang: swe
authority: ltu
topic: Drift och underhållsteknik
genre: Research subject
@attributes:
lang: eng
authority: ltu
topic: Operation and Maintenance
genre: Research subject
language:
languageTerm: eng
genre:
publication/journal-article
ref
note:
Published
3
Validerad;2020;Nivå 2;2020-08-17 (johcin)
name:
@attributes:
type: personal
authority: ltu
namePart:
Kour
Ravdeep
1981-
role:
roleTerm: aut
affiliation:
Luleå tekniska universitet
Drift underhåll och akustik
nameIdentifier:
ravkou
0000-0003-0734-0959
@attributes:
type: personal
authority: ltu
namePart:
Karim
Ramin
1964-
role:
roleTerm: aut
affiliation:
Luleå tekniska universitet
Drift underhåll och akustik
nameIdentifier:
raka
0000-0002-0055-2740
@attributes:
type: personal
authority: ltu
namePart:
Thaduri
Adithya
role:
roleTerm: aut
affiliation:
Luleå tekniska universitet
Drift underhåll och akustik
nameIdentifier:
aditha
0000-0002-1938-0985
originInfo:
dateIssued: 2020
publisher: Sage Publications
relatedItem:
@attributes:
type: host
titleInfo:
title: Proceedings of the Institution of mechanical engineers. Part F journal of rail and rapid transit
identifier:
0954-4097
2041-3017
part:
detail:
@attributes:
type: volume
number: 234
@attributes:
type: issue
number: 10
extent:
start: 1129
end: 1148
physicalDescription:
form: print
typeOfResource: text