Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Cybersecurity for railways: A maturity model
Luleå University of Technology, Department of Civil, Environmental and Natural Resources Engineering, Operation, Maintenance and Acoustics.ORCID iD: 0000-0003-0734-0959
Luleå University of Technology, Department of Civil, Environmental and Natural Resources Engineering, Operation, Maintenance and Acoustics.ORCID iD: 0000-0002-0055-2740
Luleå University of Technology, Department of Civil, Environmental and Natural Resources Engineering, Operation, Maintenance and Acoustics.ORCID iD: 0000-0002-1938-0985
2019 (English)In: Proceedings of the Institution of mechanical engineers. Part F, journal of rail and rapid transit, ISSN 0954-4097, E-ISSN 2041-3017Article in journal (Refereed) Epub ahead of print
Abstract [en]

With the advancements in and widespread adoption of information and communication technologies in infrastructures, cyber-attacks are becoming more frequent and more severe. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. Cyber-attacks are also increasing in railways with an impact on railway stakeholders, e.g. threat to the safety of employees, passengers, or the public in general; loss of sensitive railway information; reputational damage; monetary loss; erroneous decisions; loss of dependability, etc. There is a need to move towards advanced security analytics and automation to identify, respond to, and prevent such security breaches. The objective of this research is to reduce cyber risks and vulnerabilities and to improve the cybersecurity capabilities of railways by evaluating their cybersecurity maturity levels and making recommendations for improvements. After assessing various cybersecurity maturity models, the Cybersecurity Capability Maturity Model (C2M2) was selected to assess the cybersecurity capabilities of railway organizations. The contributions of this research are as follows. First, a new maturity level MIL4 (Maturity Indicator Level 4) is introduced in the C2M2 model. Second, the C2M2 model is adapted by adding advanced security analytics and threat intelligence to develop the Railway-Cybersecurity Capability Maturity Model (R-C2M2). The cybersecurity maturity of three railway organizations is evaluated using this model. Third, recommendations and available standards & guidelines are provided to the three railway organizations to improve maturity levels within different domains. In addition, they are given an action plan to implement the recommendations in a streamlined way. The application of this model will allow railway organizations to improve their capability to reduce the impacts of cyber-attacks and eradicate vulnerabilities. The approach can also be extended to other infrastructures with necessary adaptations.

Place, publisher, year, edition, pages
Sage Publications, 2019.
Keywords [en]
Cybersecurity, maturity level, Railway-Cybersecurity Capability Maturity Model, railway organizations, Cybersecurity Capability Maturity Model
National Category
Engineering and Technology Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
URN: urn:nbn:se:ltu:diva-76428DOI: 10.1177/0954409719881849ISI: 000491625900001Scopus ID: 2-s2.0-85074776546OAI: oai:DiVA.org:ltu-76428DiVA, id: diva2:1362204
Available from: 2019-10-18 Created: 2019-10-18 Last updated: 2019-11-21

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records BETA

Kour, RavdeepKarim, RaminThaduri, Adithya

Search in DiVA

By author/editor
Kour, RavdeepKarim, RaminThaduri, Adithya
By organisation
Operation, Maintenance and Acoustics
In the same journal
Proceedings of the Institution of mechanical engineers. Part F, journal of rail and rapid transit
Engineering and TechnologyOther Civil Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 59 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf