Adoption of information and communication technologies (ICT) in railway has improved the reliability, maintainability, operational efficiency, capacity as well as the comfort of passengers. This adoption introduces new vulnerabilities and entry points for hackers to launch attacks. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. These cyber threats are also increasing in railways and, therefore, it needs for cybersecurity measures to predict, detect and respond these threats. The cyber kill chain (CKC) model is a widely used model to detect cyber-attacks and it consists of seven stages/chains; breaking the chain at an early stage will help the defender stop the adversary’s malicious actions. Due to lack of real cybersecurity data, this research simulates cyber-attacks to calculate the attack penetration probabilities at each stage of the cyber kill chain model. The objective of this research is to predict cyber-attack penetrations by implementing various security controls using modeling and simulation. This research is an extension of developed railway defender kill chain which provides security controls at each stage of CKC for railway organizations to minimize the risk of cyber threats.

Most organizations focus on intrusion prevention technologies, with lessemphasis on prediction and detection. This research looks at prediction anddetection in the railway industry. It uses an extended cyber kill chain (CKC)model and an industrial control system (ICS) cyber kill chain for detectionand proposes predictive technologies that will help railway organizationspredict and recover from cyber-attacks. The extended CKC model consistsof both internal and external cyber kill chain; breaking the chain at anearly stage will help the defender stop the adversary’s malicious actions.This research incorporates an OSA (open system architecture) for railwayswith the railway cybersecurity OSA-CBM (open system architecture forcondition-based maintenance) architecture. The railway cybersecurity OSA-CBM architecture consists of eight layers; cybersecurity information movesfrom the initial level of data acquisition to data processing, data analysis, inci-dent detection, incident assessment, incident prognostics, decision support,and visualization.The main objective of the research is to predict, prevent, detect, andrespond to cyber-attacks early in the CKC by using defensive controls calledthe Railway Defender Kill Chain (RDKC).The contributions of the research are as follows. First, it adapts and mod-ifies the railway cybersecurity OSA-CBM architecture for railways. Second,it adapts the cyber kill chain model for the railway. Third, it introduces theRailway Defender Kill Chain. Fourth, it presents examples of cyber-attackscenarios in the railway system.

With the advancements in and widespread adoption of information and communication technologies in infrastructures, cyber-attacks are becoming more frequent and more severe. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. Cyber-attacks are also increasing in railways with an impact on railway stakeholders, e.g. threat to the safety of employees, passengers, or the public in general; loss of sensitive railway information; reputational damage; monetary loss; erroneous decisions; loss of dependability, etc. There is a need to move towards advanced security analytics and automation to identify, respond to, and prevent such security breaches. The objective of this research is to reduce cyber risks and vulnerabilities and to improve the cybersecurity capabilities of railways by evaluating their cybersecurity maturity levels and making recommendations for improvements. After assessing various cybersecurity maturity models, the Cybersecurity Capability Maturity Model (C2M2) was selected to assess the cybersecurity capabilities of railway organizations. The contributions of this research are as follows. First, a new maturity level MIL4 (Maturity Indicator Level 4) is introduced in the C2M2 model. Second, the C2M2 model is adapted by adding advanced security analytics and threat intelligence to develop the Railway-Cybersecurity Capability Maturity Model (R-C2M2). The cybersecurity maturity of three railway organizations is evaluated using this model. Third, recommendations and available standards & guidelines are provided to the three railway organizations to improve maturity levels within different domains. In addition, they are given an action plan to implement the recommendations in a streamlined way. The application of this model will allow railway organizations to improve their capability to reduce the impacts of cyber-attacks and eradicate vulnerabilities. The approach can also be extended to other infrastructures with necessary adaptations.

The convergence of information technology and operation technology and the associated paradigm shift toward Industry 4.0 in complex systems, such as railways has brought significant benefits in reliability, maintainability, operational efficiency, capacity, as well as improvements in passenger experience. However, with the adoption of information and communications technologies in railway maintenance, vulnerability to cyber threats has increased. It is essential that organizations move toward security analytics and automation to improve and prevent security breaches and to quickly identify and respond to security events. This paper provides a statistical review of cybersecurity incidents in the transportation sector with a focus on railways. It uses a web-based search for data collection in popular databases. The overall objective is to identify cybersecurity challenges in the railway sector.