Change search
Link to record
Permanent link

Direct link
BETA
Publications (10 of 12) Show all publications
Kour, R., Thaduri, A. & Karim, R. (2020). Predictive model for multistage cyber-attack simulation. International Journal of Systems Assurance Engineering and Management
Open this publication in new window or tab >>Predictive model for multistage cyber-attack simulation
2020 (English)In: International Journal of Systems Assurance Engineering and Management, ISSN 0975-6809, E-ISSN 0976-4348Article in journal (Refereed) Published
Abstract [en]

Adoption of information and communication technologies (ICT) in railway has improved the reliability, maintainability, operational efficiency, capacity as well as the comfort of passengers. This adoption introduces new vulnerabilities and entry points for hackers to launch attacks. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. These cyber threats are also increasing in railways and, therefore, it needs for cybersecurity measures to predict, detect and respond these threats. The cyber kill chain (CKC) model is a widely used model to detect cyber-attacks and it consists of seven stages/chains; breaking the chain at an early stage will help the defender stop the adversary’s malicious actions. Due to lack of real cybersecurity data, this research simulates cyber-attacks to calculate the attack penetration probabilities at each stage of the cyber kill chain model. The objective of this research is to predict cyber-attack penetrations by implementing various security controls using modeling and simulation. This research is an extension of developed railway defender kill chain which provides security controls at each stage of CKC for railway organizations to minimize the risk of cyber threats.

Place, publisher, year, edition, pages
Springer, 2020
National Category
Engineering and Technology
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-77630 (URN)10.1007/s13198-020-00952-5 (DOI)
Available from: 2020-02-04 Created: 2020-02-04 Last updated: 2020-02-04
Kour, R., Thaduri, A. & Karim, R. (2020). Railway Defender Kill Chain to Predict and Detect Cyber-Attacks. Journal of Cyber Security and Mobility, 9(1), 47-90
Open this publication in new window or tab >>Railway Defender Kill Chain to Predict and Detect Cyber-Attacks
2020 (English)In: Journal of Cyber Security and Mobility, ISSN 2245-1439, E-ISSN 2245-4578, Vol. 9, no 1, p. 47-90Article in journal (Refereed) Published
Abstract [en]

Most organizations focus on intrusion prevention technologies, with lessemphasis on prediction and detection. This research looks at prediction anddetection in the railway industry. It uses an extended cyber kill chain (CKC)model and an industrial control system (ICS) cyber kill chain for detectionand proposes predictive technologies that will help railway organizationspredict and recover from cyber-attacks. The extended CKC model consistsof both internal and external cyber kill chain; breaking the chain at anearly stage will help the defender stop the adversary’s malicious actions.This research incorporates an OSA (open system architecture) for railwayswith the railway cybersecurity OSA-CBM (open system architecture forcondition-based maintenance) architecture. The railway cybersecurity OSA-CBM architecture consists of eight layers; cybersecurity information movesfrom the initial level of data acquisition to data processing, data analysis, inci-dent detection, incident assessment, incident prognostics, decision support,and visualization.The main objective of the research is to predict, prevent, detect, andrespond to cyber-attacks early in the CKC by using defensive controls calledthe Railway Defender Kill Chain (RDKC).The contributions of the research are as follows. First, it adapts and mod-ifies the railway cybersecurity OSA-CBM architecture for railways. Second,it adapts the cyber kill chain model for the railway. Third, it introduces theRailway Defender Kill Chain. Fourth, it presents examples of cyber-attackscenarios in the railway system.

Place, publisher, year, edition, pages
River Publishers, 2020
Keywords
Cybersecurity, cyber kill chain, railway, cyber-attack, OSA-CBM, predict
National Category
Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-77333 (URN)10.13052/jcsm2245-1439.912 (DOI)
Note

Validerad;2020;Nivå 1;2020-01-31 (johcin)

Available from: 2020-01-10 Created: 2020-01-10 Last updated: 2020-01-31Bibliographically approved
Thaduri, A., Al-Jumaili, M., Kour, R. & Karim, R. (2019). Cybersecurity for eMaintenance in Railway Infrastructure: Risks and Consequences. International Journal of Systems Assurance Engineering and Management, 10(2), 149-159
Open this publication in new window or tab >>Cybersecurity for eMaintenance in Railway Infrastructure: Risks and Consequences
2019 (English)In: International Journal of Systems Assurance Engineering and Management, ISSN 0975-6809, E-ISSN 0976-4348, Vol. 10, no 2, p. 149-159Article in journal (Refereed) Published
Abstract [en]

Recently, due to the advancements in the ICT (Information and Communication Technology), there has been lot of emphasis on digitization of the existing and newly developed infrastructure. In transportation infrastructure, in general, 80% of the assets are already in place and there has been tremendous push to move to the digital era. For efficient and effective design, construction, operation and maintenance of the infrastructure, due to this digitization, there is increasing research trend in data-driven decision-making algorithms that are proved to be effective because of several advantages. Since railway is the backbone of the society, the data-driven approaches will ensure the continuous operation, efficient maintenance, planning and potential future investments. The breach and leak of this potential data to the wrong hands might result in havoc, risk, trust, hazards and serious consequences. Hence, the main purpose of this paper is to stress the potential challenges, consequences, threats, vulnerabilities and risk management of data security in the railway infrastructure in context of eMaintenance. In addition, this paper also identifies the research methods to obtain and secure this data for potential possible research.

Place, publisher, year, edition, pages
Springer, 2019
Keywords
eMaintenance, Cybersecurity, Risks, consequences, Railways
National Category
Reliability and Maintenance Computer Systems Other Civil Engineering
Research subject
Centre - Luleå Railway Research Center (JVTC); Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-73186 (URN)10.1007/s13198-019-00778-w (DOI)000464861200001 ()
Note

Validerad;2019;Nivå 2;2019-04-23 (marisr)

Available from: 2019-03-13 Created: 2019-03-13 Last updated: 2019-05-02Bibliographically approved
Kour, R., Karim, R. & Thaduri, A. (2019). Cybersecurity for railways: A maturity model. Proceedings of the Institution of mechanical engineers. Part F, journal of rail and rapid transit
Open this publication in new window or tab >>Cybersecurity for railways: A maturity model
2019 (English)In: Proceedings of the Institution of mechanical engineers. Part F, journal of rail and rapid transit, ISSN 0954-4097, E-ISSN 2041-3017Article in journal (Refereed) Epub ahead of print
Abstract [en]

With the advancements in and widespread adoption of information and communication technologies in infrastructures, cyber-attacks are becoming more frequent and more severe. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. Cyber-attacks are also increasing in railways with an impact on railway stakeholders, e.g. threat to the safety of employees, passengers, or the public in general; loss of sensitive railway information; reputational damage; monetary loss; erroneous decisions; loss of dependability, etc. There is a need to move towards advanced security analytics and automation to identify, respond to, and prevent such security breaches. The objective of this research is to reduce cyber risks and vulnerabilities and to improve the cybersecurity capabilities of railways by evaluating their cybersecurity maturity levels and making recommendations for improvements. After assessing various cybersecurity maturity models, the Cybersecurity Capability Maturity Model (C2M2) was selected to assess the cybersecurity capabilities of railway organizations. The contributions of this research are as follows. First, a new maturity level MIL4 (Maturity Indicator Level 4) is introduced in the C2M2 model. Second, the C2M2 model is adapted by adding advanced security analytics and threat intelligence to develop the Railway-Cybersecurity Capability Maturity Model (R-C2M2). The cybersecurity maturity of three railway organizations is evaluated using this model. Third, recommendations and available standards & guidelines are provided to the three railway organizations to improve maturity levels within different domains. In addition, they are given an action plan to implement the recommendations in a streamlined way. The application of this model will allow railway organizations to improve their capability to reduce the impacts of cyber-attacks and eradicate vulnerabilities. The approach can also be extended to other infrastructures with necessary adaptations.

Place, publisher, year, edition, pages
Sage Publications, 2019
Keywords
Cybersecurity, maturity level, Railway-Cybersecurity Capability Maturity Model, railway organizations, Cybersecurity Capability Maturity Model
National Category
Engineering and Technology Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-76428 (URN)10.1177/0954409719881849 (DOI)000491625900001 ()2-s2.0-85074776546 (Scopus ID)
Available from: 2019-10-18 Created: 2019-10-18 Last updated: 2019-11-21
Kour, R., Tretten, P., Karim, R. & Singh, S. (2019). Cybersecurity Workforce in Railway: A Case Study. In: Proceedings of the 5th International Workshop & Congress on eMaintenance 2019: . Paper presented at Proceedings of the 5th International Workshop & Congress on eMaintenance 2019.
Open this publication in new window or tab >>Cybersecurity Workforce in Railway: A Case Study
2019 (English)In: Proceedings of the 5th International Workshop & Congress on eMaintenance 2019, 2019Conference paper, Published paper (Refereed)
Abstract [en]

Railway will continue to adapt new digital solutions which are necessary and vulnerable to cyber threats. The history of cyber-attacks on critical infrastructures including railway suggests that there is a need for cybersecurity awareness. Both for employees and the general public. The very first step in cyber hygiene is cybersecurity training and awareness for the workforce. A well-educated workforce plays a vital role in building more cyber resiliency across the organization's operation and maintenance. The objective of this research is to evaluate the cybersecurity maturity level for workforce management in three railway organizations. The results show that there is a cybersecurity workforce gap and there is a need to eliminate this gap by enhancing cybersecurity workforce culture. Henceforth, this gap can be improved by developing cybersecurity culture, including cybersecurity training and awareness and by following recommendations provided in this paper.

National Category
Engineering and Technology
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-75936 (URN)
Conference
Proceedings of the 5th International Workshop & Congress on eMaintenance 2019
Available from: 2019-09-10 Created: 2019-09-10 Last updated: 2019-09-10
Kour, R., Al-Jumaili, M., Karim, R. & Tretten, P. (2019). eMaintenance in railways: Issues and challenges in cybersecurity. Proceedings of the Institution of mechanical engineers. Part F, journal of rail and rapid transit, 233(10), 1012-1022
Open this publication in new window or tab >>eMaintenance in railways: Issues and challenges in cybersecurity
2019 (English)In: Proceedings of the Institution of mechanical engineers. Part F, journal of rail and rapid transit, ISSN 0954-4097, E-ISSN 2041-3017, Vol. 233, no 10, p. 1012-1022Article in journal (Refereed) Published
Abstract [en]

The convergence of information technology and operation technology and the associated paradigm shift toward Industry 4.0 in complex systems, such as railways has brought significant benefits in reliability, maintainability, operational efficiency, capacity, as well as improvements in passenger experience. However, with the adoption of information and communications technologies in railway maintenance, vulnerability to cyber threats has increased. It is essential that organizations move toward security analytics and automation to improve and prevent security breaches and to quickly identify and respond to security events. This paper provides a statistical review of cybersecurity incidents in the transportation sector with a focus on railways. It uses a web-based search for data collection in popular databases. The overall objective is to identify cybersecurity challenges in the railway sector.

Place, publisher, year, edition, pages
Sage Publications, 2019
Keywords
Cybersecurity, railway, eMaintenance, challenges
National Category
Engineering and Technology Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-72536 (URN)10.1177/0954409718822915 (DOI)000483645500002 ()
Note

Validerad;2019;Nivå 2;2019-09-11 (johcin)

Available from: 2019-01-14 Created: 2019-01-14 Last updated: 2019-12-12Bibliographically approved
Kour, R., Thaduri, A. & Karim, R. (2019). Railway Defender Kill Chain for Cybersecurity. In: Proceedings of the 5th International Workshop & Congress on eMaintenance 2019: . Paper presented at Proceedings of the 5th International Workshop & Congress on eMaintenance 2019.
Open this publication in new window or tab >>Railway Defender Kill Chain for Cybersecurity
2019 (English)In: Proceedings of the 5th International Workshop & Congress on eMaintenance 2019, 2019Conference paper, Published paper (Refereed)
Abstract [en]

The railway is one of the most important infrastructures and its security is as important as other critical infrastructures. Due to the increase in cyber-attacks, there is an increasing trend in the field of cybersecurity. The history of cyber incidents suggested that the railway needs immediate security measures or defensive controls for forthcoming advanced persistent threats (APT). Cyber Kill Chain (CKC) is one of the most widely used models for the identification, detection, and prevention of advanced persistent threats. CKC model was introduced by Lockheed Martin that consists of seven stages as Reconnaissance, Weaponize, Delivery, Exploitation, Installation, Command & Control, and Act on Objective. Breaking the chain as early as possible in the CKC model will help the defender to stop adversary’s malicious actions. As the railway is adapting digital technologies and, therefore, there is a risk that adversary can penetrate into the system following the steps of CKC. The objective of this research is to reduce the risk of cyber-attacks by proposing Railway Defender Kill Chain (RDKC) that provides security controls at each phase of Cyber Kill Chain to predict, prevent, detect and respond to cyber threats.

National Category
Engineering and Technology
Identifiers
urn:nbn:se:ltu:diva-75935 (URN)
Conference
Proceedings of the 5th International Workshop & Congress on eMaintenance 2019
Available from: 2019-09-10 Created: 2019-09-10 Last updated: 2019-09-10
Kour, R., Karim, R. & Tretten, P. (2015). EMaintenance solutions for railway maintenance decisions (ed.). In: (Ed.), S.I. Ao; Len Gelman; David W.L. Hukins; Andrew Hunter; Alexander Korsunsky (Ed.), World Congress on Engineering, WCE 2014: London, 2 - 4 July 2014. Paper presented at World Congress on Engineering : 02/07/2014 - 04/07/2014 (pp. 228-232). Hong Kong: Newswood Limited, 1
Open this publication in new window or tab >>EMaintenance solutions for railway maintenance decisions
2015 (English)In: World Congress on Engineering, WCE 2014: London, 2 - 4 July 2014 / [ed] S.I. Ao; Len Gelman; David W.L. Hukins; Andrew Hunter; Alexander Korsunsky, Hong Kong: Newswood Limited , 2015, Vol. 1, p. 228-232Conference paper, Published paper (Refereed)
Abstract [en]

The term eMaintenance emerged in the early 2000s and has become a popular topic in maintenance related literature because of ongoing technological improvements. This paper uses a recent approach, i.e. cloud-based technology, to provide an eMaintenance solution for online time data analysis to make effective and efficient railway maintenance decisions. Due to increased traffic, the Swedish railway sector needs to optimise maintenance, using predictive maintenance to a much higher degree so that unplanned breakdowns and downtime are drastically reduced. The paper shows how research within the railway sector is developing eMaintenance solutions using the cloud and web-based applications for improved condition monitoring, better maintenance and increased uptime. In the proposed solution, data are acquired from railway measurement stations and sent to the eMaintenance cloud, where they are filtered, fused, integrated and analysed to assist maintenance decisions. The paper provides a concept for a web-based eMaintenance solution to assist railway maintenance stakeholders make fact-based decisions and develop more efficient and economically sound maintenance policies.

Place, publisher, year, edition, pages
Hong Kong: Newswood Limited, 2015
Series
Lecture Notes in Engineering and Computer Science, ISSN 2078-0958
National Category
Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-26839 (URN)017f3d9a-1c79-4192-b9b4-7a74da3aa471 (Local ID)9789881925275 (ISBN)017f3d9a-1c79-4192-b9b4-7a74da3aa471 (Archive number)017f3d9a-1c79-4192-b9b4-7a74da3aa471 (OAI)
Conference
World Congress on Engineering : 02/07/2014 - 04/07/2014
Note

Validerad; 2015; Nivå 1; 20141007 (andbra)

Available from: 2016-09-30 Created: 2016-09-30 Last updated: 2018-05-07Bibliographically approved
Kour, R., Karim, R., Parida, A. & Kumar, U. (2014). Applications of radio frequency identification (RFID) technology with eMaintenance cloud for railway system (ed.). International Journal of Systems Assurance Engineering and Management, 5(1), 99-106
Open this publication in new window or tab >>Applications of radio frequency identification (RFID) technology with eMaintenance cloud for railway system
2014 (English)In: International Journal of Systems Assurance Engineering and Management, ISSN 0975-6809, E-ISSN 0976-4348, Vol. 5, no 1, p. 99-106Article in journal (Refereed) Published
Abstract [en]

Radio Frequency Identification (RFID) helps automatic identification of objects using radio waves. This is not a new technology instead decades old and has been used during the World War II, when it was used by allied ground forces to track German bombers. It is a technology for wireless communication between a reader and a transponder/tag. This technology permits the transfer of data to the most diverse objects without the need for physical contact and uses intelligent barcodes to track items and have been successfully applied in military, security, healthcare, real time location tracking, vehicle identification and other areas. This paper is based on applications of radio frequency identification technology with eMaintenance cloud for railway system to analyze and visualize data of trains for the cost effective maintenance planning. Further, cloud computing is an emerging research area that can be utilised for acquiring an effective and efficient information logistics. Specifically, the widespread use of RFID will enable wagons to be tracked leading to better resource utilization, lower freight costs, and better maintenance. Therefore, it helps to provide greater control of the train carriages, making it easier to plan resources. However, RFID is a powerful tool that can help to improve industry proficiency, implementing this technology is not easy. Furthermore, operating RFID systems can be a challenging process. Thus, this paper is based on the application of RFID in the context of railway operation.

National Category
Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-12289 (URN)10.1007/s13198-013-0196-z (DOI)2-s2.0-84894655496 (Scopus ID)b66a4c84-3fc2-4e90-8e81-7bfceaf02942 (Local ID)b66a4c84-3fc2-4e90-8e81-7bfceaf02942 (Archive number)b66a4c84-3fc2-4e90-8e81-7bfceaf02942 (OAI)
Note

Validerad; 2014; 20131001 (ravkou)

Available from: 2016-09-29 Created: 2016-09-29 Last updated: 2018-12-14Bibliographically approved
Kour, R., Tretten, P. & Karim, R. (2014). eMaintenance solution through online data analysis for railway maintenance decision-making (ed.). Paper presented at . Journal of Quality in Maintenance Engineering, 20(3), 262-275
Open this publication in new window or tab >>eMaintenance solution through online data analysis for railway maintenance decision-making
2014 (English)In: Journal of Quality in Maintenance Engineering, ISSN 1355-2511, E-ISSN 1758-7832, Vol. 20, no 3, p. 262-275Article in journal (Refereed) Published
Abstract [en]

Purpose – The purpose of this paper is to demonstrate how research within the railway sector is developing eMaintenance solutions using the cloud and web-based applications for improved condition monitoring, better maintenance and increased uptime. This eMaintenance solution is based on the on-line data acquisition, integration and analysis leading to effective maintenance decision making.Design/methodology/approach – In the proposed methodology, data are acquired from railway measurement stations to the eMaintenance cloud, where they are filtered, fused, integrated and analyzed to assist maintenance decisions. Extensive consultation with stakeholders has resulted in the analysis of railway data.Findings – The paper provides a concept for a web-based eMaintenance solution for railway maintenance stakeholders for making fact-based decisions and develops more efficient and economically sound maintenance policies. Train wheels reaching their maintenance and safety limits are visualised in grids and graphs to assist stakeholders in making the appropriate maintenance decisions.Practical implications – In this paper the authors have demonstrated that the wheel profile and force data can be remotely collected through cloud utilization. The information generated can be used for maintenance decision making. Similarly, other measurable data can also be utilized for maintenance decision making.Originality/value – This paper describes the importance of eMaintenance solution through online data analysis to make effective and efficient railway maintenance decisions, as a case study.

National Category
Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-6590 (URN)10.1108/JQME-05-2014-0026 (DOI)2-s2.0-84907104624 (Scopus ID)4d6fb407-484b-4a78-8e0f-f5c79e24757a (Local ID)4d6fb407-484b-4a78-8e0f-f5c79e24757a (Archive number)4d6fb407-484b-4a78-8e0f-f5c79e24757a (OAI)
Note
Validerad; 2014; 20140629 (ravkou)Available from: 2016-09-29 Created: 2016-09-29 Last updated: 2018-07-10Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-0734-0959

Search in DiVA

Show all publications