Content

EVOLEO Technologies LDA (Portugal) - Coordinator of CYRAIL Project

EVOLEO Technologies, Lda. is an SME, investing in skills related to the design of critical and complex electronic systems. EVOLEO embraces five areas of activity: Space, Transportation, Energy, Health and Industry. EVOLEO holds a skilled multidisciplinary engineering team seeking and promoting partnerships and networking between centers of knowledge and industry players. EVOLEO strongly cooperates, among others, with European Space Agency (ESA), Portuguese Medical Emergency Service (112), European Railway entities, Industrial entities as BOSCH and multiple international R&D groups in the frame of cooperation projects.

EVOLEO is a founding member of the Portuguese Railway Platform, which is an organisation created to manage the rail cluster in Portugal, bringing together Operators and Managers, Academia and R&D, Industry and SMEs, focusing on Research and Development and Innovation projects in areas such as Rolling Stock,
Command, Control and Communications, Interoperability, Infrastructure and Knowledge Management, amongst others.

EVOLEO key skills are related to the design, build and integration of electronic embedded systems solutions for monitoring and data processing (Remote Interface Units). Those may include integrated intelligence SW (embedded) for local data pre-processing or simply as transmitters of collected data to a central server.

EVOLEO has also skills in the implementation of multi-core systems (e.g. on FPGA) and has recently cooperated in an ESA project in the design of a Computer Unit and its on-board controlling SW for a satellite payload control with LEON3 processor and real time OS RTEMS, involving key players of the computing solutions such Aeroflex Gaisler in Sweden.

Role within CYRail :

EVOLEO is WP leader for WP1 “Project Management” and WP2 “Operational Context and Scenarios”. In addition they contribute to Task T3.2 on Definition of security zones and vulnerabilities and Task T7.3 on Exploitation and Sustainability Strategy as task leaders. These roles match completely the fundamental capabilities and skills of EVOLEO as these tasks have been what the company is doing since its foundation 9 years ago in the different areas of activity, namely in space and rail, where EVOLEO have been studying, designing and developing critical ICT and Computational Systems.

EUSKOIKER, Jakintza Lanezko Ikerkuntza Investigación Universidad Empresa (Spain)

Euskoiker is a member of the Basque Network for Science, Technology and Innovation – RCTVI (Innobasque), and of the Spanish Network for University-company Foundations (RED FUE) and is listed as the Office for the Transfer of Research Results (OTRI in Spanish) of the Spanish State (OTRI website) Euskoiker, a non-profit organization, is a foundation that has as its objective the development of relations between Academia and society. Its governors (founders) are the three Regional Governments of Bizkaia, Gipuzkoa and Araba, and the three Chambers of Commerce of Bilbao, Gipuzkoa and Araba and the University of the Basque Country / Euskal Herriko Unibertsitatea. Its existence dates back to 1979 and over the course of more than thirty years it has managed numerous research projects, made strategic contacts and participated in several research presentation forums (FOROTECH, PROMA, TECNOVA).

The Euskoiker foundation collaborates with different research groups in the areas of Humanities, social sciences, engineering and technologies, medical and natural sciences, under the agreement signed to this end with the university since 1995.

Throughout this year’s we have collaborated with more than 1500 companies, and the volume of projects that are processed per year is about 250, between research projects, consultancy and technical assistance, expert reports, training, etc…

Role within CYRAIL :

• EUSKOIKER contributes to WP3 “Security Assessment” as Work Package leader and Task 4.1 on “Threat Identification and Analysis”, WP5 “Mitigation and Countermeasures Specification” and Task 7.3 on “Exploitation of Results” as participant.
• Euskoiker brings on board its experience in control and command signalling and ERTMS modelling and background experience on security assessment on ERTMS and TCMS technologies. (WP3)
• Euskoiker also contributes with previous experience on the design of resilient communication architectures in the railway domain SECRET project (WP5 Mitigation and Countermeasures Specification).
• Euskoiker also plays an important role in dissemination activities.

Fortiss GmbH (Germany)

FORTISS is an independent non-profit ICT research and development organization closely associated with the Technische Universität München (TUM). It has been founded in 2009 with the sponsorship of the Bavarian Ministry for Economics as a co-location center where practitioners work together with academic researchers from the TUM for advancing application-driven research and for facilitating an accelerated transfer of ICT research results into industrial practice. The FORTISS research center currently employs about 100 research staff members.

FORTISS is an active member of several industrial associations such as ARTEMISIA and BITKOM. It is an affiliate partner of the EIT ICT Labs since 2010, and it played a major role in building up the smart energy systems and the cyber-physical systems action lines of the EIT ICT Labs. Since 2013 FORTISS is a satellite colocation center of the EIT ICT Labs (later rebranded EIT Digital), a leading European open innovation organisation.

Regarding Internet of Things and CPS, FORTISS is leading two major projects from the last year ICT-1 call on a design center for CPS and on Trusted Applications for CPS.

Role within CYRail :

FORTISS brings on board its experience in:

• Cyber-physical systems, with a focus on SW technology for safety-critical and secure systems, including aerospace, automotive and medical domains
• Software architecture for trusted Internet of Things systems, in particular with MILS architectures.
• Internet of Things service development and tool chains

Especially, FORTISS contributes to the WP5 on Mitigation and Countermeasures as Work Package leader.

International Union of Railways, UIC (France)

UIC, the international union of railways, is the worldwide international organisation of the railway sector with its headquarters located in Paris, France. UIC hasmore than 200 members across all five continents. Members mainly include integrated railway companies, infrastructure managers, and railway or combined transport operators, rolling stock.

UIC’s mission is to promote rail transport at world level and meet the challenges of mobility and sustainable development.

Main UIC objectives are:

• Facilitating the sharing of best practices among members (benchmarking);
• Supporting members in their efforts to develop new business and new areas of activities;
• Proposing new ways to improve technical and environmental performance;
• Promoting interoperability, create new world standards for railways (including common standards with other transport modes);
• Developing fundamental values of railway transport (Safety, Security, Sustainable development, International training, Research…).
• As far as security is concerned, the UIC security platform is bringing together security experts from our members. The security platform is organised around an annual congress to take stock of the work carried out and to propose future priorities, a steering Committee and three permanent working groups (Human factors, New technologies, Strategy, procedures and regulations) and two ad hoc working groups at the request of UIC members (Border crossings, Metal theft).

Role within CYRail :

UIC , representing the rail end-users contributes to WP7 on "Dissemination and exploitation of the results” as Work Package leader and to Task T2.1 on "Rail systems within the public transport environment" as task leader apart from being involved in
several other tasks as member.

AIRBUS Defence & Space (France)

AIRBUS Defence & Space, department on cyberSecurity SAS is providing high grade cyber-security services and solutions for private and public actors, including various entities from Airbus Group, governments & public services, companies and critical infrastructures.

Besides its mission to protect Airbus Group, it has acquired a strong experience on military and national security projects. CassidianCyberSecurity is one of the trusted security actors selected by the French national authority for information security (ANSSI) to provide labelled security services to the French national-critical infrastructures (Opérateurs d’Importance Vitale).

With 2 other main facilities in United Kingdom and Germany, Airbus Defence and Space Cybersecurity is by design a European player, capable to enforce standardization of cybersecurity solutions at multi-domestic level. The French entity benefits from a strong expertise in cyberdefense, including risk assessment, threat analysis, anomaly and attack detection. That’s why the main focus in this project will be on WP4 regarding Threat Identification and Detection Techniques.

Role within CYRail :

• AIRBUS brings on board its experience in cyber risk assessment in particular with respect to infrastructures involving SCADA/ICS (WP3 security assessment).
• AIRBUS provides threat intelligence expertise, using knowledge base tools like Orion Threats ® and the experience from threat analysts (Task 4.1 Threat identification and analysis).

AIRBUS provides :

• expertise in anomaly and attack detection, using Keelback Suite ® and the experience from our Security Operation Center (SOC) operators (Task 4.2 Early attack and anomaly detection).
• expertise from its Security Operation Center (SOC) to support enhanced alerting and collaborative incident management (T4.3)
• expertise from the incident response team to support activities on mitigation and emediation (WP5 Mitigation and Countermeasures Specification).
• expertise from the security architecture team to support activities on security profile definition and security testing capabilities to support compliance assessment in WP6.

ATSEC Information Security AB (Sweden)

ATSEC information security is a vendor independent company specialized in information security consultancy and evaluations. The company operates accredited Common Criteria evaluation facilities in Germany, Sweden and the US. In the US the company is also accredited to perform the validation of cryptographic modules under the Cryptographic Module Validation Program (CMVP) operated by the US National Institute of Standards and Technologies (NIST). atsec information security AB is the Swedish subsidiary of atsec and is like the rest of atsec dedicated to all aspects of IT security, ranging from management consultancy to technical investigations and implementation of security solutions for our customers world-wide. atsec is an
active contributor to the development of international, normative IT security standards. Consequently, atsec has a high level of expertise in consulting clients on how to apply and implement such standards, as well as in evaluating IT operations, products, and systems against standardized criteria.

ATSEC information security is an accredited IT Security Evaluation Facility (ITSEF) under the Swedish, German and U.S. Common Criteria schemes under the Common Criteria Recognition Arrangement. In Sweden, ATSEC is accredited under the Sveriges Certifieringsorgan for IT-Sakerhet (CSEC); in Germany, ATSEC is accredited under the Bundesamt fur Sicherheit in der Informationstechnik (BSI); in the U.S., ATSEC is accredited to perform evaluations under the Common Criteria Evaluation and Validation Scheme (CCEVS) operated by the National Information Assurance partnership (NIAP).

• ATSEC information security has successfully evaluated and is evaluating multiple products against NIAP PPs, e.g. Protection Profile for Mobile Device Fundamentals Version 2.0 as well as Protection Profile for Network Devices Version 1.1
• ATSEC employees actively contribute to the development of the international standards under ANSI’s INCITS, the ISO/IEC Joint Technical Committee 1, Sub Committee 27 Security Techniques, The Open Group’s Trusted Technology Forum, NASPO, and in other focused trade associations and standards groups.
• ATSEC employees contribute actively to the development of the international information security management system standards under the ISO/IEC Joint Technical Committee 1, atsec is heavily involved with the development of ISO/IEC 27001 and ISO/IEC 27002 (previously BS 7799 and ISO/IEC 17799). atsec provided the co-editor for ISO/IEC 17799:2005 and ISO/IEC 15446 and the editor for ISO/IEC 15408-1.
• ATSEC information security companies are certified as compliant with ISO/IEC 9001, ISO/IEC 17025, and ISO/IEC 27001, assuring our standards for quality, laboratory management, and information security.

Role within CYRail :

ATSEC brings on board its experience in:

• definition of the threats in the operational environment (Task 4.1 Threat identification and analysis)
• identification of mitigation strategies as well as applicable countermeasures (task 5.1 Identification of Mitigation Strategies and 5.2 Specification of Countermeasures)
• identification of security assessments and relevant standards (Task 3.1 Analysis and selection of the security assessment methodology and Task 3.3 Iterative risk assessment)
• specification of Protection Profiles (WP 6)

ATSEC mainly contributes to WP6 “Protection Profile specification” :

• Task 6.1 “Selection of standards and relevant frameworks”,
• Task 6.2 “Specification of protection profiles and assurance levels and
• task 6.3 “Compliance to Protection Profiles”.

September 2018

October 2017

May 2017

April 2017

December 2016

October 2016

The CYRail project is structured around 7 work packages (WPs) with a total duration of 24 months according to the structure shown below:

WP1 - Project Management

Led by EVOLEO

It will carry out the necessary management activities aiming at an adequate coordination of the overall project work plan. This WP includes the Project management concerned with the administrative coordination of the work including costs, timing and completeness of the deliverables.

Main Tasks of WP1

• T1.1 - Financial management
• T1.2 - Scientific and Technical Coordination
• T1.3 - Data protection and gender issues
• T1.4 - Management of contributions from the Project Advisory Board

WP2 - Operational Context and Scenarios

Led by EVOLEO

It will provide a comprehensive analysis of the existing rail system and future requirements from a customer point of view who is asking for a door to door safe and secure transport. This work package will first identify the most critical components of the rail system and their interactions with the other transport modes. Then the existing means of protection will be described. Finally an operational transport scenario involving different types of environment will be proposed for further security assessment in WP3.

Main Tasks of WP2

• T2.1 – Rail systems within the public transport environment
• T2.2 – Safety and security of the Railways systems
• T2.3 – Operational scenario

WP3 - Security Assessment

Led by EUKOISKER

It will provide an overview of current national and international security risk analysis frameworks, as well as their evaluation in order to identify the most suitable for the railway context. Special mapping and attention will also to be paid to the automotive and aeronautic industry to identify synergies. Currently, different security risk methodologies have been published by different organizations (APTA, DIN-VDE, International Electrotechnical Commission (IEC), ANSSI, etc.) all around the world. A complete overview of these proposals and their analysis will allow the definition of a common security framework that should be able to fulfil all these recommendations following a single risk analysis procedure. After defining a common security framework, this WP will perform the previously identified security assessment for most critical railway safety services (ERTMS, CBTC, TCMS…) in order to detect the most critical security zones, as well as the communication (also known as conduits) between them. The implementation of this security assessment closely interacts with WP4 and WP5. The identified threats of its system will be the input for risks and the countermeasures will be the reactive solution for reducing, when not eliminating, a detected risk.

Main Tasks of WP3

• T3.1 - Analysis and selection of the security assessment methodology
• T3.2 - Definition of security zones and vulnerabilities
• T3.3 - Iterative risk assessment

WP4 - Threat analysis, attack detection and early warning

Led by CASSIDIAN

It will deliver a taxonomy of threats targeting rail management and control systems; provide threat classification, description and analysis. In a second step, a set of innovative techniques to detect attacks targeting rail management systems will be assessed, taking into account the potential combination of cyber and physical threats. Last but not least, a number of innovations supporting early warning, context-enriched alerting and collaborative incident management will be proposed.

Main Tasks of WP4

• T4.1 – Threat identification and analysis
• T4.2 – Early attack and anomaly detection
• T4.3 – Enhanced alerting and collaborative incident management

WP5 - Mitigation and Countermeasures Specification

Led by FORTISS

It will provide the specifications for countermeasures, identify the different mitigation strategies and resilience mechanisms that allow the operation to continue with guaranteed quality levels, without having impact on operational safety. The mitigation strategies are aimed at proactively inhibiting attacks on the system by employing systematic protection techniques in advance. The countermeasures react to anomalies detected with respect to the normal operation of the system and proactively counteract identified attacks. The resilience mechanisms ensure the safe operation in the presence of attacks.

Main Tasks of WP5

• T5.1 – Identification of Mitigation Strategies
• T5.2 – Specification of Countermeasures
• T5.3 – Definition of resilience mechanisms

WP6 - Protection Profiles

Led by ATSEC

It will integrate the essential concepts considered in WPs 4 and 5 into profiles which capture the scenario and security requirements of WPs 2 and 3, respectively. The Protection Profiles Specification shall include: Security by Design; Specification of Protection profiles; Selection of Standard Framework; and Evaluation Assurance Level.

Main Tasks

• T6.1 – Selection of standards and relevant frameworks
• T6.2 – Specification of protection profiles and assurance levels
• T6.3 – Compliance to Protection ProfilesWP

WP7 - Dissemination and Outreach

Led by UIC

It aims to communicate and disseminate the result toward the public transport operators, manufacturers of public transport systems, security providers, scientific community and public bodies.

Main Tasks

• T7.1 – Communication and Dissemination Strategy
• T7.2 – Involvement of the stakeholders
• T7.3 – Exploitation and Sustainability StrategyDurationWorkpackage

Added Value

Final recommendations