
Omar Benjumea - Next Station: Cybersecurity [rooted2019]


  1. 1. Next Station: Cybersecurity
  2. 2. Corinth Railway, 6 km, 600 BC
  3. 3. Who is this guy? @Omarbenjumea
  4. 4. Train subsystems: Windscreen Wiper and Wash Systems, Entrance Systems, Internal Doors, Climate Management, Power Electrics, Brake Systems, Auxiliary Power Supply, Modernization & Support, Control and Management Systems, Traction Systems
  5. 5. Rail value chain: Passengers and Goods; Train Operators (+ Infrastructure Operators); Train Builders; Components Builders
  6. 6. Domains: Corporate, Operations, Engineering, Onboard, Signaling
  7. 7. Domains: Corporate, Operations, Engineering, Onboard, Signaling
  8. 8. Mobility as a Service
  9. 9. SIGNALING
  10. 10. Armagh rail disaster @photo by Illustrated London News, June 22, 1889
  11. 11. European Rail Traffic Management System (ERTMS)
  12. 12. European Rail Traffic Management System (ERTMS)
  13. 13. For safety, systems are designed to stop if something goes wrong. For safety, a MAC is not always required, e.g. to stop a train.
  14. 14. Onboard Systems and networks
  15. 15. REAL TIME SYSTEMS AND PROTOCOLS
  16. 16. Diagram: consist network with an SCPU941 VCU, HVAC, WSP and three virtual PLCs
  17. 17. Redundant VCUs (strong master / weak master)
  19. 19. Consist bus: between vehicles permanently or semi-permanently coupled (diagram: vehicle buses connected by a consist bus)
  20. 20. Non-vital bus: for entertainment, information system, video surveillance (diagram: vehicle buses, consist bus and a separate non-vital bus)
  21. 21. Train bus: for communication between consists or cars that are not permanently or semi-permanently coupled (diagram: several consists, each with vehicle buses, a consist bus and a non-vital bus, joined by the train bus)
  22. 22. Ethernet Train Backbone (ETB): diagram of Consist 1, Consist 2 … Consist N, each with a VCU and an ECN, joined by the ETB; train inauguration
  23. 23. Common protocols (non-exhaustive list), with the interface each runs on: CANopen (CAN), J1939 (CAN), MVB (MVB), HDLC (RS-4xx), Profinet (Ethernet), CIP (Ethernet), TRDP (Ethernet), TCP/IP (Ethernet), UDP/IP (Ethernet), Modbus-IP (Ethernet), CAN Powerline (CAN), WTB (WTB). The slide's table marks for each protocol which of the vehicle bus, consist bus, non-vital bus and train bus it is used on; the Ethernet/IP protocols (TCP/IP, UDP/IP, Modbus-IP) are marked on all four.
  24. 24. TRDP: Train Real Time Data Protocol
  25. 25. 404 error: Security not found
  26. 26. Diagram: European train. DDU, train bus A and B, BCU, PCU, vehicle buses CAN 1 and CAN 2 with strong-master and weak-master VCUs, RIOMs, DCUs (left/right doors, lighting), HVAC, battery unit, Mc car and T car I/Os, CAN/WTB gateways GW 1 and GW 2, bridges
  27. 27. Diagram: European locomotive. Cab 1 and Cab 2 DDUs, WTB lines 1 and 2, RIOM 1-4, Ethernet switch ESU 801-TG, CAN/WTB gateway GWC 531-TF, TCUs, CANopen vehicle bus, Ethernet bus, diesel engine with J1939 interface on a J1939 bus, VCU CPU 831-TG, I/Os
  28. 28. Diagram: US tram, articles A, B and C. Ethernet between VCU A/DDU A and VCU B/DDU B, consist buses CANopen 1 and CANopen 2, RIOMs A1, A2, B1, B2, HVAC, TCU A and B, BCU A and B, EVR, doors 1R-6L, board battery, traction batteries A and B, WLAN, PIS
  29. 29. Diagram: TCN based on Ethernet. Cab car and non-cab car connected over the Ethernet Train Backbone (ETB) through train backbone nodes; each car has an Ethernet consist network (ECN) with vehicle switches, strong-master and weak-master VCUs, RIOMs 11, 12, 21, 22, cab I/Os, BCU, TCU, PIS, DDU
  30. 30. V-Model (https://en.wikipedia.org/wiki/V-Model_(software_development)); SIL1, SIL2, SIL3, SIL4
  31. 31. 2003 - Washington signaling system. Hex dump of the Blaster worm showing a message left for Bill Gates (https://en.wikipedia.org/wiki/Blaster_(computer_worm))
  32. 32. 2008 - Lodz tram system
  33. 33. 2015 - Ukraine
  35. 35. Not targeted, Employees, Cybercrime, Terrorism, Nation-state
  36. 36. Diagram: network zones and data flows. Internet, TCMS network, multimedia network and train operator network connected through an Ethernet switch; Selectron subsystem, 3rd-party subsystem, remote I/O, VCU (SIL-0, SIL-2 or SIL-4), memory card, engineering workstation, LTE/WiFi, redundant VCU. Flows of configuration data, diagnose data, monitoring data, control data, process data and DHCP/DNS data between the components, and process data for multimedia applications (e.g. PIS)
  37. 37. Lifecycle of 20, 30 or even 40 years; safety certification vs. patching; wireless components in the future
  38. 38. Regulation; Growing up; Awareness; Security Investment
  39. 39. THANK YOU!!
