-
12:40
Although railways are one of the safest means of travel, they are not the most secure. What are railway engineers and IT experts fighting about? We will elaborate on the terms: Sicherheit, safety, security, and funktionale Sicherheit; and their implications. The first railways were closed systems where employees had visual contact with the equipment. With the increasing amount of software and network growth, IT security is becoming a major concern. On the other hand, railway systems are made from various components with real-time and dependability requirements, and proprietary protocols, resulting in some security via obscurity. The main difference from other systems is the high degree of standardisation necessary for obtaining a permit. Consequently, changes take time and effort, resulting in the longevity of protocols. This talk explains railway-specific protocols, such as GSM-R, RaSTA, and ETCS/ERMTS, their security model and known attacks. Nothing of this is new, but still, it is widely unknown. So, join the talk, have fun, and learn how to stop a train - which is much simpler than starting one.