Transport Cybersecurity

A feature of the digital transformation of the transport industry is the trend to increased number of cyberattacks that are among the information threats. Transport cybersecurity is a broader phenomenon compared to cyberattacks and information security. It includes organisational security and other types of security that are not found purely in the information field.
The relevance of transport cybersecurity is additionally due to the widespread use of information and computer networks and information space. Cyberspace in the transport sector can be interpreted as an aggregate of networks, information space, communication and real environment. The inclusion of real environment in transport cyberspace is a distinctive feature of transport cyberspace.
The growth of information threats occurs regardless of development of transport cyberspace. It is due to digitalisation of society, including the transport sector. Cyberspace creates the preconditions for cyberthreats of a new quality, and for new cyberthreats, previous methods of information security become ineffective. The emergence of information threats is dictated not so much by digitalisation, but rather by the openness of information and communication technology. Multimodal transportation as a relationship between many organisations also contributes to the growth of cyberthreats and a decrease in information security.
The article provides an analysis of the state and approaches used in transport cybersecurity based on the review of publications on the topic, suggests a taxonomy of threats and risks to transport cybersecurity, introduces the concepts of «railway information» and «transport information», describes the vulnerabilities of transport cyberspace.

1. Thaduri, A., Aljumaili, M., Kour, R., Karim, R.Cybersecurity for eMaintenance in railway infrastructure: risks and consequences. International Journal of System Assurance Engineering and Management, 2019, Vol. 10, Iss. 6, pp. 149–159. DOI: 10.1007/s13198-019-00778-w.

2. Kour, R., Thaduri, A., Karim, R. A review on cybersecurity in railways. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, 2023,Vol.237,Iss.1,pp.3–20. DOI: 10.1177/09544097221089389.

3. Wang, Z., Liu, X. Cyber security of railway cyberphysical system (CPS) – A risk management methodology. Communications in Transportation Research, 2022, Vol. 2, Iss. 4, 100078. https://doi.org/10.1016/j.commtr.2022.100078.

4. Lyovin, B. A., Tsvetkov, V. Ya. Digital Railway: Principles and Technologies. World of Transport and Transportation, 2018, Vol. 16, Iss. 3 (76), pp. 50–61. DOI: https://doi.org/10.30932/1992-3252-2018-16-3-5.

5. Lyovin, B. A., Tsvetkov, V.Ya. Information Processes in Big Data Environment. World of Transport and Transportation, 2017, Vol. 15, Iss. 6 (73), pp. 20–30. DOI: https://doi.org/10.30932/1992-3252-2017-15-6-2.

6. Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., Khan, S. U. The rise of «big data» on cloud computing: review and open research issues. Information Systems Journal, 2015, Vol. 47, pp. 98–115. DOI: 10.1016/J.IS.2014.07.006.

7. Bloomfield, R., Bendele, M., Bishop, P., Stroud, R., Tonks, S.The Risk Assessment of ERTMS-based Railway Systems from a Cyber Security Perspective: Methodology and Lessons Learned. In: International Conference on Reliability, Safety and Security of Railway Systems. Springer, 2016, pp 3–19. DOI: 10.1007/978-3-319-33951-1_1.

8. Masson, É., Gransart, C.Cyber Security for Railways – AHuge Challenge – Shift2Rail Perspective. In: International workshop on communication technologies for vehicles. Springer, Cham, 2017, Vol. 10222, pp. 97–104. DOI: https://doi.org/10.1007/978-3-319-56880-5_10 [restricted access].

9. Álvarez, A., Ioannidis, S., Schlehuber, C., Rodríguez, F., Vallero, V. CIPSEC Project [Online]. 2017. [Electronic resource]: https://upcommons.upc.edu/handle/2117/106378. Last accessed 14.11.2023.

10. Cao, N., Wang, C., Li, M., Ren, K., Lou, W. PrivacyPreserving Multi-Keyword Ranked Search over Encrypted Cloud Data. IEEE Transactions on Parallel and Distributed Systems, 2014, Vol. 25, Iss. 1, pp. 222–233. DOI: 10.1109/TPDS.2013.45.

11. Shi, H. Railway Information Sharing Platform Security Requirements Analysis. In: ICLEM 2014: System Planning, Supply Chain Management, and Safety. 2014, pp 1116–1121. DOI: https://doi.org/10.1061/9780784413753.169.

12. Edwards, W. K. Policies and Roles in Collaborative Applications. In: Proceedings of the 1996 ACM conference on Computer supported cooperative work 1996. ACM, pp 11–20. [Electronic resource]: https://faculty.cc.gatech.edu/~keith/pubs/policy.pdf. Last accessed 14.11.2023.

13. Thomas, R. K., Sandhu, R. S. Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management. Database security XI. Springer, Berlin, 1998, pp 166–181. DOI: 10.1007/978-0-387-35285-5_10.

14. Bullock, A. SPACE: spatial access control for collaborative virtual environments. Doctoral dissertation, University of Nottingham, 1999. 183 p. [Electronic resource]: http://www.adrianbullock.com/documents/thesis.pdf. Last accessed 14.11.2023.

15. Covington, M. J., Long, W., Srinivasan, S., DEV, A. K., Ahamad, M., Abowd, G. D. Securing Context-Aware Applications Using Environment Roles. In: Proceedings of the sixth ACM symposium on access control models and technologies 2001. ACM, pp 10–20. DOI: https://doi.org/10.1145/373256.373258 [restricted access].

16. Tolone, W., Ahn, G., Pai, T., Hong, S.Access Control in Collaborative Systems. ACM Computing Surveys (CSUR), 2005, Vol. 37, Iss. 1, pp. 29–41. DOI:10.1145/1057977.1057979.

17. ENISA (2015) Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations, European Union Agency for Network and Information Security. [Electronic resource]: https://www.enisa.europa.eu/publications/good-practicesrecommendations. Last accessed 14.11.2023.

18. Tsetkov, V.Ya. Control using cyber-physical systems [Upravlenie s primeneniem kiber-fizicheskikh sistem]. Perspectives of science and education, 2017, Iss. 3 (27), pp. 55–60. [Electronic resource]: https://pnojournal.files.wordpress.com/2017/04/pdf_170310.pdf. Last accessed 14.11.2023.

19. Knowles, W., Prince, D., Hutchison, D. [et al]. A survey of cyber security management in industrial control systems. International journal of critical infrastructure protection, 2015, Vol. 9, pp. 52–80. DOI: 10.1016/j.ijcip.2015.02.002 [restricted access].