Railway Defender Kill Chain to Predict and Detect Cyber-Attacks

Document identifier: oai:DiVA.org:ltu-77333
Access full text here: 10.13052/jcsm2245-1439.912
Keyword: Engineering and Technology, Civil Engineering, Other Civil Engineering, Cybersecurity, Cyber kill chain, Railway, Cyber-attack, OSA-CBM, Predict, Operation and Maintenance
Publication year: 2020
Relevant Sustainable Development Goals (SDGs):
SDG 11 Sustainable cities and communities
The SDG label(s) above have been assigned by OSDG.ai

Abstract:

Most organizations focus on intrusion prevention technologies, with less emphasis on prediction and detection. This research looks at prediction and detection in the railway industry. It uses an extended cyber kill chain (CKC) model and an industrial control system (ICS) cyber kill chain for detection and proposes predictive technologies that will help railway organizations predict and recover from cyber-attacks. The extended CKC model consists of both internal and external cyber kill chains; breaking the chain at an early stage will help the defender stop the adversary’s malicious actions. This research incorporates an OSA (open system architecture) for railways with the railway cybersecurity OSA-CBM (open system architecture for condition-based maintenance) architecture. The railway cybersecurity OSA-CBM architecture consists of eight layers; cybersecurity information moves from the initial level of data acquisition to data processing, data analysis, incident detection, incident assessment, incident prognostics, decision support, and visualization.

The main objective of the research is to predict, prevent, detect, and respond to cyber-attacks early in the CKC by using defensive controls called the Railway Defender Kill Chain (RDKC).

The contributions of the research are as follows. First, it adapts and modifies the railway cybersecurity OSA-CBM architecture for railways. Second, it adapts the cyber kill chain model for the railway. Third, it introduces the Railway Defender Kill Chain. Fourth, it presents examples of cyber-attack scenarios in the railway system.

Authors

Ravdeep Kour

Luleå tekniska universitet; Drift, underhåll och akustik

Adithya Thaduri

Luleå tekniska universitet; Drift, underhåll och akustik

Ramin Karim

Luleå tekniska universitet; Drift, underhåll och akustik