RUSSIAN RAILWAY SCIENCE JOURNAL

International Cybersecurity on Railway Transport: Methodological Approaches and Normal Procedural Framework

Abstract

The paper deals with methodological approaches and practical avenues of international cooperation in the areas of information security and cybersecurity on railway transport. The approaches were adopted by the workshop “Cybersecurity on Railway Transport” established within the framework of the COLOPOFER program. The main factors and prerequisites that make countermeasures against hacking of railway IT infrastructure necessary are analyzed. Cybersecurity-related definitions are also discussed. The principal provisions of the normative techniques being developed by the international workshop “Cybersecurity on Railway Transport” are presented. The basic objects of the railway transport information infrastructure are characterized with respect to their susceptibility to hacking, and their most vulnerable components are highlighted. A classification of the types of computer attacks and their implementation media is presented. Organizational and routine hacking countermeasures to be taken in the railway IT infrastructure environment are also discussed.

About the Authors

S. E. Adadurov
JSC “Roszheldorproekt”
Russian Federation


S. V. Diasamidze
Petersburg State Transport University (PGUPS)
Russian Federation


A. A. Kornienko
Petersburg State Transport University (PGUPS)
Russian Federation


A. A. Sidak
LLC “Information Security Center”
Russian Federation


For citations:


Adadurov S.E., Diasamidze S.V., Kornienko A.A., Sidak A.A. International Cybersecurity on Railway Transport: Methodological Approaches and Normal Procedural Framework. RUSSIAN RAILWAY SCIENCE JOURNAL. 2015;(6):9-15. (In Russ.)


This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2223-9731 (Print)
ISSN 2713-2560 (Online)