SCEPTICS: A SystematiC Evaluation Process for Threats to Industrial Control Systems

Lead Research Organisation: University of Birmingham
Department Name: Electronic, Electrical and Computer Eng

Abstract

Industrial Control Systems underpin almost all aspects of life in the UK, the power network operated by the National Grid and the rail network, which is over seen by the Rail Safety and Standards Board (RSSB) are two key examples of this.

In this project we will work with the National Grid and RSSB to perform a detailed security analysis of their systems, looking for possible points of cyber attack and building an understanding of the impact of possible failures. This will lead to better security for these important systems.

Based on what we learn from this analysis we will work with the company Level 3 TRL and Parsons Brinckerhoff to generalise our methods into business processes that other owners of industrial control systems can use to help ensure their systems are safe from cyber attacks.

Planned Impact

Industrial Control Systems (ICS) underpin almost all aspects of life in the UK, the systems that the National Grid and the Rail Safety and Standards Board are responsible for are key examples of this. We will help these organisations develop better methods with which to scope their systems, identify harm threats and understand the impacts of compromises. This will, in turn, lead to better security for these important systems and everyone who uses them.

A longer-term impact will be the documented security analysis processes that we will produced as part of this process. These processes will allow other ICS owners to repeat our analysis and identify harm threats and vulnerabilities in their own systems. This process will be developed in partnership with Level3 TRL to ensure that it is a useable, repeatable business process. This work will potentially help all ICS owners so helping to involve the overall cyber security of the UK.
 
Description The SCEPTICS project has developed a set of systems level common processes that can be applied by ICT professionals within the rail industry to scope their own industrial control systems, allowing them to get a broad understanding of the potential risks of cyber attack, and delivering sets of priority areas / systems to investigate using more detailed threat analysis tools and approaches.

Further, the SCEPTIC projects has developed a new Key Management and Distribution Scheme for use in the European Rail Traffic Management System (ERTMS). Its aim is to simplify key management and improve cross-border operations through hierarchical partitioning. The current scheme used in ERTMS involves the creation and distribution of 3DES keys to train and trackside entities, which are then used as part of the Euro Radio Protocol to provide message authentication. This results in the distribution of tens of thousands of keys using portable media, a prohibitively high burden on management and resourcing. The project has developed a symmetric key solution, TRAKS, which has the benefit of being backwards compatible with the current ERTMS standard and being post-quantum secure. This new scheme reduces the number of cryptographic keys in circulation, and maintains the current security model. This is achieved by dynamically deriving unique keys from a shared secret, i.e. the line secret, which is combined with IDs of trains, and of signalling equipment. In addition to providing better key management, the scheme also adds authentication to the location data provided by EuroBalises.
Exploitation Route The SCEPTICS project team is now working within the UK Railway Research and Innovation Network (UKRRIN - https://www.ukrrin.org.uk/) with the National Cyber Security Centre and a number of rail industry partners to take forward the results of the project. Spec
Sectors Digital/Communication/Information Technologies (including Software),Security and Diplomacy,Transport

URL https://ritics.org/sceptics/
 
Description The SCEPTICS project has worked extensively with the rail industry (and adjacent industries) throughout the project. This has resulted in ongoing collaborations with the RITICS (Research Institute in Trust-worthy Inter-connected Cyber-physical Systems) consortium (http://ritics.org), which has resulted in further, higher TRL, work supported by the National Cyber Security Centre. Further, direct collaborations to enable knowledge transfer of the results are taking place within the Data Integration and Cyber-Security theme within the new UK Rail Research and Innovation Network (UKRRIN) Centre of Excellence in Digital Systems, which is led by the University of Birmingham (https://www.ukrrin.org.uk/). Knowledge transfer activities have resulted in the identification and development of new approaches to eliminate security risks in a number of railway subsystems, for example, the identification of cybersecurity vulnerabilities in the European Railway Traffic Management System (ERTMS) and the development of new security approaches to overcome this issues.
First Year Of Impact 2018
Sector Digital/Communication/Information Technologies (including Software),Security and Diplomacy,Transport
Impact Types Policy & public services

 
Description Effective Solutions for the NIS Directive - Supply Chain Requirements for Third Party Devices
Amount £300,000 (GBP)
Organisation National Cyber Security Centre 
Sector Public
Country United Kingdom
Start 01/2019 
End 01/2021
 
Description UKRRIN Centre of Excellence in Digital Systems
Amount £28,100,000 (GBP)
Organisation Higher Education Funding Council for England 
Sector Public
Country United Kingdom
Start 04/2018 
End 03/2020
 
Description NCC Group 
Organisation NCC Group
PI Contribution Analysis in railway-specific equipment including GSM-R handsets and Lineside telephone equipment for security assurance research.
Collaborator Contribution Provision of equipment budget and procurement of devices which would not have been previously possible.
Impact Security analysis of rail equipment and future research collaborations.
Start Year 2017
 
Description NCSC Small Equipment Grant 
Organisation National Cyber Security Centre
Country United Kingdom 
Sector Public 
PI Contribution Carrying out cybersecurity analyses of trusted devices used in the rail sector.
Collaborator Contribution Providing financial assistance to procure rail-specific equipment.
Impact Analyses of rail-specific devices which has fed into a successful grant into the implications of poor supply chain security.
Start Year 2017
 
Description UKRRIN Centre of Excellence in Digital Systems 
Organisation Bombardier Inc.
Department Bombardier Transportation
Country Germany 
Sector Private 
PI Contribution We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt.
Collaborator Contribution £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity.
Impact No outcomes yet.
Start Year 2018
 
Description UKRRIN Centre of Excellence in Digital Systems 
Organisation IBM
Department IBM UK Ltd
Country United Kingdom 
Sector Private 
PI Contribution We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt.
Collaborator Contribution £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity.
Impact No outcomes yet.
Start Year 2018
 
Description UKRRIN Centre of Excellence in Digital Systems 
Organisation Siemens AG
Department Siemens Mobility
Country Global 
Sector Private 
PI Contribution We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt.
Collaborator Contribution £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity.
Impact No outcomes yet.
Start Year 2018
 
Description UKRRIN Centre of Excellence in Digital Systems 
Organisation Thales Group
Department Thales UK Limited
Country United Kingdom 
Sector Private 
PI Contribution We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt.
Collaborator Contribution £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity.
Impact No outcomes yet.
Start Year 2018
 
Description UKRRIN Centre of Excellence in Digital Systems 
Organisation WS Atkins
Department Atkins Rail
Country United Kingdom 
Sector Private 
PI Contribution We lead the new UK Rail Research and Innovation Network. This is a collaboration between 8 universities and 16 companies. The network comprises of 3 Centres of Excellence: Digital Systems - led by Birmingham; Rolling Stock - led by Huddersfield with Newcastle and Loughborough; and Infrastructure - led by Southampton with Sheffield, Nottingham, Loughborough and Heriot Watt.
Collaborator Contribution £28.1M has been secured from the Higher Education Funding Council for England. There is contract private investment for 16 companies totally £64.4m. The Digital Centre of Excellence will lead on four themes, one of which is cybersecurity.
Impact No outcomes yet.
Start Year 2018
 
Title The SCEPTICS Tool for Threat Analysis 
Description The SCEPTICS tool allows Industrial Control System Asset Owners to be able to assess the security characteristics of their system architectures and identify potential sources for exploitation. The tool also allows the asset owner to test strategies for improving the holistic security of their architectures. 
Type Of Technology Webtool/Application 
Year Produced 2018 
Impact The SCEPTICS tool is currently under closed testing with industrial partners and subject to wider revisions. Following discussions with Operators of Essential Services, there is an identified need for such a tool, specifically to communicate cybersecurity issues to engineers who may not have the necessary experience and expertise. 
 
Description AIT Symposium on Cybersecurity 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Attendance at the AIT SPARKS Project symposium, talking about the outputs of the SCEPTICS projects and discussions about related research.
Year(s) Of Engagement Activity 2017
 
Description Atkins workshop (8th Nov.) 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Engagement with cyber security team at Atkins rail looking at potential for future exploitation of SCEPTICS outcomes.
Year(s) Of Engagement Activity 2017
 
Description Chair and Presentation of the Rail Cyber Security Summit 2016 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Chaired and presented at the first one-day Rail Cyber Security Summit.
Year(s) Of Engagement Activity 2016
 
Description Cybersecurity Workshop at RSSB (14th March) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Workshop hosted by RSSB with invited audience from across the rail sector (supply chain, operators, infrastructure managers and policy makers) to present cybersecurity research in the rail sector at the University.
Year(s) Of Engagement Activity 2016
 
Description Department for Transport engagement (16th Jan) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Hosted transport cyber security team members from DfT at the University to discuss the SCEPTICS project and it's outcomes - led to larger follow-up workshop at DfT
Year(s) Of Engagement Activity 2018
 
Description Discussion at DfT NIS Industry Event (3rd April) 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Discussions with DfT and Operators of Essential Services regarding the impact of the NIS Directive for cybersecurity (relating to outputs of the SCEPTICS project).
Year(s) Of Engagement Activity 2018
 
Description Dissemination at cyber security reception at the Polish Embassy (5th June) 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Attended reception host by Polish ambassador aim at strengthening links in cyber. Used opportunity to network with other attendees and disseminate project.
Year(s) Of Engagement Activity 2017
 
Description Engagement at Department for Transport (2nd Feb.) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Full day event at DfT to disseminate outcomes of the SCEPTICS project to various teams.
Year(s) Of Engagement Activity 2018
 
Description High Integrity Software 2015 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Talk at "Formal Security Analysis of Critical Infrastructure" at "High Integrity Software 2015" http://his-2015.co.uk/session/formal-security-analysis-of-critical-infrastructure.
Year(s) Of Engagement Activity 2015
URL http://his-2015.co.uk/session/formal-security-analysis-of-critical-infrastructure
 
Description ICS Research Showcase (Co-located with other RIs) (17 October) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Joined the rest of the RITICS consortium at the annual ICS research showcase event to discuss the SCEPTICS outcomes and present a poster.
Year(s) Of Engagement Activity 2017
 
Description ICS Showcase event (NCSC, 16th October) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Participated in ICS cyber research showcase event hosted by NCSC. Presented 2 posters on the SCEPTICS project.
Year(s) Of Engagement Activity 2017
 
Description Meeting with Thales 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Discussion with 5 people from Thales to discuss future working collaborations out of the SCEPTICS project.
Year(s) Of Engagement Activity 2017
 
Description NCC Trust Forum - Rail Cybersecurity (6th June) 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Discussion of the SCEPTICS project with NCC colleagues, which fostered the later equipment grant.
Year(s) Of Engagement Activity 2017
 
Description NCSC ACE-CSR Conference (28th June) 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Presentation on current research at the ACE-CSR conference in front of >100 cybersecurity academics, which led to the working collaboration between the University and NCC group.
Year(s) Of Engagement Activity 2017
 
Description Network Rail engagement event (24th Nov.) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Full-day engagement event at Network Rail disseminating SCEPTICS finds to their comms and signalling team leads
Year(s) Of Engagement Activity 2017
 
Description Presentation and Discussion with RSSB (15th Dec) 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Working discussion on cybersecurity issues in the rail sector, discussing existing work and strategic partnerships for future work.
Year(s) Of Engagement Activity 2015
 
Description Presentation at ICS Cybersecurity London (26 March) 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Presentation to an audience of 40 at the ICS Cybersecurity Event, led by the MUMBA project, presenting the SCEPTICS project and active work, sparking opportunities for further research.
Year(s) Of Engagement Activity 2016
 
Description Presentation at Transport Security Live (Olympia) 2016 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Presentation on railway cyber-security issues at general transportation event. Identified commonality between the approaches adopted by different modes.
Year(s) Of Engagement Activity 2016
 
Description Presentation to ICS Cyber Security Conference 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presentation to industry conference
Year(s) Of Engagement Activity 2016
 
Description Presentation to Railway Safety and Standards Board 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Talk to RSSB on 29 September 2015.
Year(s) Of Engagement Activity 2015
 
Description Presentation to Transport Security Live (part of Counter Terrorism Expo 2015) 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presentation on the challenges faced by the Rail industry with respect to securing its Industrial Control Systems. Introduction of SCEPTICS, its aims, objectives and activities. Illustrations of how the SCEPTICS team will help industry professionals scope their ICS and priorities targets for in-depth analysis.
Year(s) Of Engagement Activity 2015
 
Description Presentation to industry stakeholders (National Rail Enquiries) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Industry/Business
Results and Impact Presentation on the Aims, Objectives and Planned Activities of the project to Network Rail Enquiries.
Year(s) Of Engagement Activity 2015
 
Description Presentation to industry stakeholders (Network Rail & BAE Systems) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Presentation on the Aims, Objectives and Planned Activities of the project to Network Rail and security contractors from BAE Systems.
Year(s) Of Engagement Activity 2015
 
Description Presenting outputs of SCEPTICS (RSSRail 13th-16th Nov) 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Presenting outputs of the SCEPTICS project at the RSSRail Conference.
Year(s) Of Engagement Activity 2017
 
Description Project meeting with Arup 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Discussion about future collaborations and bid for DfT Literature Review in Rail Cybersecurity.
Year(s) Of Engagement Activity 2017
 
Description Proposal discussion with NCSC (31 October) 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Working discussion with NCSC over proposals (TRAKS) to validate proposals and adoptability in the UK
Year(s) Of Engagement Activity 2017
 
Description Scoping discussions for cross-industry committee remit (9th June) 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Invited participation in scoping meeting for new industry systems interface committee on data in rail. Discussed SCEPTICS outcomes and implications for industry.
Year(s) Of Engagement Activity 2017
 
Description Supply chain workshop - cyber security for rail (29th March) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Industry/Business
Results and Impact Hosted a cyber security workshop for the rail supply chain on the 29th March on behalf of Rail Alliance. Included specific presentations on SCEPTICS outputs.
Year(s) Of Engagement Activity 2017
 
Description Visit by NCC (5th April) 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Visit from NCC Group as part of working collaboration to work on hardware security.
Year(s) Of Engagement Activity 2018