Security-for-Safety in the Rail Transportation World
15.02.2024 Stefan Bamberg
In the global railway ecosystem, rolling stock collisions are the most dramatic and newsworthy accidents and disasters imaginable. While rare, they are also the most lethal to human life, as experienced in recent incidents.
The deadliest rail disaster in Greek history occurred in 2023 when two trains involving a passenger train and a freight train collided head-on. The devastating accident left at least 57 people dead. It was later discovered that the passenger train had been inadvertently allowed to proceed on the wrong track despite the presence of the freight train on the same track.
In May of 2021 in Malaysia, a head-on collision occurred between a manually-driven empty train and an automated passenger train causing 213 injuries. The incident was thought to have occurred due to a miscommunication at the operations center.
Additionally, the year 2016 saw two deadly rail accidents in Western Europe. In Germany, two passenger trains had a head-on collision where 12 people died and 85 others were injured. Later that year, two Italian regional passenger trains collided head-on killing 23 people and injuring 85 others. The German accident was said to have been caused by a train dispatcher who gave incorrect orders to the two trains while distracted by a game he was playing on his mobile phone.
In the hybrid world of rail transport, combining almost two centuries of legacy infrastructure with cutting-edge technology, system engineers must contend with a mix of modern, interconnected rail operating systems, aging tracks and infrastructure, and a vast variety of rolling stock on their lines at the same time. Train-on-train collisions can be caused by a vast variety of factors from an inadvertent human error to hardware or software malfunction. And today, rail operators need to be concerned with protecting their sophisticated, modern communication and operational systems from sabotage and cyber-attacks.
Intelligence on Wheels (IoW), an offshoot of Germany’s aerospace pioneers DLR, has developed a collision warning system comprising train-to-train communication, track-selective self-localization, and onboard situation analysis and decision support – all designed to empower railways to keep their trains running routinely and safely or to make quick, but well-informed decisions to avoid impending hazards. The system is designed to work alongside established rail safety infrastructures and is particularly suited as an additional cost-effective safety system for sparsely utilized regional lines as well as smaller-scale operators that must engineer services around complex, often single-track lines.
The sophisticated technologies built into their TrainCAS system and the potential for criminal misuse make security and IP protection a paramount concern for the company. The system combining hardware, software, and data, not only has to be protected against threats from hackers or other malicious actors for safe and secure rail travel purposes, but also against undue attention and exploitation by competitors, less ethical users, or simply overly curious third parties. In the railroad industry, a model of robust engineering and regulatory oversight, solutions for safeguarding intellectual property and software license management must navigate the technical landscape and stringent mandates, especially considering the sector’s key role in today’s mass mobility infrastructure.
This is where Intelligence on Wheels turned to Wibu-Systems to integrate its CodeMeter technology into their TrainCAS system to encrypt and protect its software and build in the hardware-based cryptographic security components for the TrainCAS onboard technology in the field. CodeMeter hardware was adapted to a rugged and tamper proof hardware solution to secure license repositories and provide safe havens for executing the crypto code during runtime for added protection against hackers. The TrainCAS software and the constituent trackmaps that enable the highly reliable situation detection are secured by a combination of CodeMeter AxProtector and Core API tools chosen specifically to match the mixed embedded systems used by Intelligence on Wheels. This prevents both unauthorized use by unlicensed users and tampering, intentional or unintentional, by people trying to manipulate the system.
Dr. Thomas Strang, CEO, Intelligence on Wheels GmbH, noted: “For us, security-for-safety has two meanings: protecting the IP that makes our business possible and protecting trains out on the tracks against cyber-attacks. Working with our likeminded partners at Wibu-Systems was a pleasure, and holding the CodeMeter hardware in my hands gives me the same feeling of reassurance I get when I see our TrainCAS systems in action.”
In support of IoW’s guiding principle of “Security-for-Safety,” the innovative solution safeguards critical infrastructure against cybersecurity threats, secures IP against theft, and enables new business licensing models for rail safety services. You can read the entire case study for more details.
Contributor
Stefan Bamberg
Director Sales and Key Account Management
After studying computer science at the Karlsruhe Institute of Technology, he worked in traffic simulation R&D before switching over to IT project management and key account management for large ICT companies. Since 2012, he is active in the Key Account Division of our Wibu-Systems sales force.