SCEPTICS INFO

Description

The rapid pace of development in Information and Communications Technology (ICT) over the last 30 years has changed the way the rail industry operates. Commercial pressures and the need to share operational information between stakeholders to facilitate cross-border services etc. have gradually pushed the industry away from more expensive, bespoke systems and towards Commercial Off The Shelf (COTS) solutions. Nowhere is this more evident than in the area of industrial control, where examples of the move to standard technologies include the European Train Control System (ETCS) in the signalling domain, and the provision of remote condition monitoring via Supervisory Control And Data Acquisition (SCADA) networks.

Although the move away from bespoke systems has allowed the industry to become more agile, reduce the risks of vendor lock-in, and deliver “more for less” in terms of underlying investment, it also risks increasing the attractiveness of the railways to cyber attackers; much of the off-the-shelf hardware is IP based, and therefore subject to many of the same attack mechanisms as any other modern ICT system. Furthermore, common platforms share common vulnerabilities, meaning exploits that have been realised in one industrial sector, could by easily transferred to similar technology in another.

While the rail industry in the UK and worldwide recognises that there will be an increased risk of cyber attack in coming years, many railway undertakings are unsure of how to begin building an understanding of the extent of the problem they face, or the steps required to address it.

The SCEPTICS project aims to help the owners & operators of large-scale Industrial Control Systems to identify elements of their infrastructure that are vulnerable to cyber attack, and to prioritise those systems for further, detailed analysis.

The SCEPTICS project is developing a set of common processes that can be applied by ICT professionals within the rail industry to scope their own industrial control systems, allowing them to get a broad understanding of the potential risks of cyber attack, and delivering sets of priority areas / systems to investigate using more detailed threat analysis tools and approaches.

SCEPTICS publications

PROJECT PARTICIPANTS

Tom Chothia
Tom ChothiaLecturer
Tom Chothia is a Lecturer at the University of Birmingham in the United Kingdom.

His research interests are in statistics and information theory for measuring information leakage, security for peer-to-peer systems, e-passport security, the theory of traceability attacks, anonymity, and formal modeling for secure distributed systems. He has previously held appointments at CWI (Amsterdam), Ecole Polytechnique (Paris) and Stevens Institute of Technology (Hoboken). He obtained his Ph.D. from the University of Edinburgh (Scotland).

Clive Roberts
Clive RobertsProfessor of Railway Systems
Clive Roberts is Professor of Railway Systems at the University of Birmingham and Director of the Birmingham Centre for Railway Research and Education.

Over the last 14 years he has developed a broad portfolio of research aimed at improving the performance of railway systems. He leads the University’s contribution in a number of large EPSRC, European Commission and industry funded projects. He works extensively with the railway industry in Britain and overseas.

Clive’s research interests lie in the areas of: systems engineering; system modelling and simulation; traffic management; fault detection and diagnosis; and data collection and decision support, applied to railway traction, signalling, mechanical interactions and capacity.

John Easton
John EastonLecturer
John Easton is a Lecturer working with the Birmingham Centre for Railway Research and Education at the University of Birmingham.

His research interests centre on methods for the storage, processing and display of railway related datasets – in particular data representation and exchange via ontologies, manipulation and integration of data relevant to the multimodal transport system, and cyber security in industrial control systems.

Since joining the rail group in 2009, John has been involved in a wide range of projects including the TRIME third-rail monitoring system, which in 2012 was the joint winner of the Stephenson Award for Engineering Innovation at the National Rail Awards, EU-funded work (Interail, Automain, OnTime, and Capacity4Rail), and the EPSRC-funded SCEPTICS project (part of the RITICS research institute). John sits on the executive committee of the Institute of Engineering and Technology’s Railway Network, and has recently been seconded to the cross-industry Digital Railway programme.

PARTNERED WITH

UNIVERSITY INFORMATION

The University of Birmingham was established by Queen Victoria by Royal Charter in 1900 and was the UK’s first civic or ‘redbrick’ university. The University, which is the 4th largest in the UK, was a founding member of the Russell Group, and was the Times Higher Education ‘University of the Year’ for 2014.

Characterised by a tradition of innovation, research at the University has broken new ground, pushed forward the boundaries of knowledge and made an impact on people’s lives. Birmingham was instrumental in the development of pacemakers and plastic heart valves, and was where the first artificial vitamin (Vitamin C) was synthesised. The University was also responsible for the development of the cavity magnetron, leading to applications such as radar and the microwave oven.

Contact Us

The University of Birmingham, Edgbaston, Birmingham, B15 2TT

Main switchboard: +44 (0)121 414 3344