Railway Defender Kill Chain to Predict and Detect Cyber-Attacks
Luleå University of Technology, Department of Civil, Environmental and Natural Resources Engineering, Operation, Maintenance and Acoustics. ORCID iD: 0000-0003-0734-0959
Luleå University of Technology, Department of Civil, Environmental and Natural Resources Engineering, Operation, Maintenance and Acoustics. ORCID iD: 0000-0002-1938-0985
Luleå University of Technology, Department of Civil, Environmental and Natural Resources Engineering, Operation, Maintenance and Acoustics. ORCID iD: 0000-0002-0055-2740
2020 (English). In: Journal of Cyber Security and Mobility, ISSN 2245-1439, E-ISSN 2245-4578, Vol. 9, no 1, p. 47-90. Article in journal (Refereed). Published
Abstract [en]

Most organizations focus on intrusion prevention technologies, with less emphasis on prediction and detection. This research looks at prediction and detection in the railway industry. It uses an extended cyber kill chain (CKC) model and an industrial control system (ICS) cyber kill chain for detection and proposes predictive technologies that will help railway organizations predict and recover from cyber-attacks. The extended CKC model consists of both internal and external cyber kill chain; breaking the chain at an early stage will help the defender stop the adversary’s malicious actions. This research incorporates an OSA (open system architecture) for railways with the railway cybersecurity OSA-CBM (open system architecture for condition-based maintenance) architecture. The railway cybersecurity OSA-CBM architecture consists of eight layers; cybersecurity information moves from the initial level of data acquisition to data processing, data analysis, incident detection, incident assessment, incident prognostics, decision support, and visualization.

The main objective of the research is to predict, prevent, detect, and respond to cyber-attacks early in the CKC by using defensive controls called the Railway Defender Kill Chain (RDKC).

The contributions of the research are as follows. First, it adapts and modifies the railway cybersecurity OSA-CBM architecture for railways. Second, it adapts the cyber kill chain model for the railway. Third, it introduces the Railway Defender Kill Chain. Fourth, it presents examples of cyber-attack scenarios in the railway system.

Place, publisher, year, edition, pages
River Publishers, 2020. Vol. 9, no 1, p. 47-90
Keywords [en]
Cybersecurity, cyber kill chain, railway, cyber-attack, OSA-CBM, predict
National Category
Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
URN: urn:nbn:se:ltu:diva-77333; DOI: 10.13052/jcsm2245-1439.912; Scopus ID: 2-s2.0-85079133453; OAI: oai:DiVA.org:ltu-77333; DiVA, id: diva2:1384499
Note

Validated; 2020; Level 1; 2020-01-31 (johcin)

Available from: 2020-01-10. Created: 2020-01-10. Last updated: 2020-08-26. Bibliographically approved
In thesis
1. Cybersecurity in Railway: A Framework for Improvement of Digital Asset Security
2020 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Digitalisation changes operation and maintenance in railways. Emerging digital technologies facilitate implementation of enhanced eMaintenance solutions through utilisation of distributed computing and artificial intelligence. In railway, the digital technology deployment is expected to improve the railway system’s sustainability, availability, reliability, maintainability, capacity, safety, and security including cybersecurity. In digitalised railway, aspects of cybersecurity are essential in order to achieve overall system dependability. Lack of cybersecurity imposes negative impacts on the railways like reputational damage, heavy costs, service unavailability and risk to the safety of employees and passengers.

It has been observed, through open access data, that many railway organizations focus on detective measures of security threats with less emphasis on forecasting of cyber-attacks. In order to prepare in advance for cyberattacks, it is essential that Information and Communication Technology (ICT) and Operational Technology (OT) in railways need to undergo continuous updating towards security analytics approach. This approach will help the railways to produce proactive security measures to cyberattacks.

In this work, it has been observed that there exist some standards and guidelines related to cybersecurity in railways (e.g. AS 7770 - Rail Cyber Security, APTA SS-CCS-004-16, BS EN 50159:2010+A1:2020). These standards and guidelines are proprietary (i.e. either organization-specific or country-specific) and are followed by most of the railway organizations. These proprietary standards and guidelines lack in providing a holistic approach to enable interoperability, scalability, orchestration, adaptability, and agility for railway’s stakeholders. Therefore, there is a need for a generic cybersecurity framework for digitalized railways to facilitate proactive cybersecurity and threat intelligence sharing within the railways.

The proposed framework, i.e., Cybersecurity Information Delivery Framework has been developed by integrating existing models, technologies, and standards to minimize the risks of cyber-attacks in the railways. The framework maps different layers of Open System Architecture for Condition-Based Maintenance (OSA-CBM) in the context of cybersecurity to deliver threat intelligence. The framework implements extended Cyber Kill Chain (CKC) and Industrial Control System (ICS) Kill Chain for detecting cyberattacks. The framework also incorporates proposed Railway Defender Kill Chain (RDKC) that enables proactive cybersecurity. Therefore, the proposed framework enables proactive cybersecurity and shares threat intelligence for improving cybersecurity in railways. 

Place, publisher, year, edition, pages
Luleå: Luleå University of Technology, 2020
Series
Doctoral thesis / Luleå University of Technology 1 jan 1997 → …, ISSN 1402-1544
Keywords
Cybersecurity, Framework, Railway, Operation and Maintenance, Railway Defender Kill Chain
National Category
Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
urn:nbn:se:ltu:diva-78488 (URN); 978-91-7790-579-0 (ISBN); 978-91-7790-580-6 (ISBN)
Public defence
2020-06-05, F1031, Luleå, 10:00 (English)
Available from: 2020-04-15. Created: 2020-04-15. Last updated: 2021-10-15. Bibliographically approved


Authority records

Kour, Ravdeep; Thaduri, Adithya; Karim, Ramin