For Knorr-Bremse, security takes on a further dimension: systems need to operate safely, but they must also be protected against external hacker attacks. The technology leader’s new Cybersecurity Competence Center is taking up the challenge.
It sent shockwaves through the industry: in 2015 two security experts in the USA hacked a Chrysler Jeep Cherokee via the internet connection of its entertainment system and from there, using a few elaborate tricks and a bogus firmware update, finally found their way to the CAN bus, the vehicle’s internal network. From there, they could operate all the vehicle’s electronically controlled components via the mobile phone network and, for example, trigger an emergency stop on the highway entirely out of the blue. For Paolo Fanuli, Head Competence Center Cybersecurity Rail, this incident was “a wake-up call for the entire automotive and rail industry. It proved that cyberattacks on vehicles are possible in practice as well as in theory.”
Cybersecurity: a new Competence Center for Knorr-Bremse
Fanuli works at the Knorr-Bremse subsidiary Selectron in Lyss, Switzerland, which develops system solutions for automation in rail vehicles. These Train Control and Management Systems (TCMS) include the braking, driver’s cab, door, HVAC and power supply systems. “We have been developing the latest generation of these systems since 2018. In the process, we are paying close attention to “embedded cybersecurity”, i.e. protection against attacks that is built into our systems,” explains Dr. Nicolas Lange, Chairman of the Management Board of Knorr-Bremse Rail Vehicle Systems. According to Dr. Lange, customers are already inquiring about cybersecurity solutions. Moreover, there is now an EU-wide certification framework for the cybersecurity of industrial control systems, which takes care of the necessary external requirements. On this basis, Lange decided to set up a cross-functional cybersecurity competence team for Knorr-Bremse’s Rail division. And the topic is equally important for the Truck division, overseen in this case by Péter Katona, Head of Platform Software.
Countering risks proactively: the Defense in Depth concept
Katona regards the ever-increasing connectivity of systems as a key source of risk: “Hackers could attempt to remotely immobilize entire fleets. The economic damage of the ensuing costs, such as production downtimes due to late supply deliveries or interrupted cold chains for food, would be huge.” That’s why he and Paolo Fanuli jointly rely on the Defense in Depth concept, an approach comprising several layers of security. The underlying idea is that experts no longer see protection at the edges of networks as sufficient defense against today’s risks, which include hacker attacks. The solution: “We have to divide the individual measures for device security and the security technology for network traffic between Knorr-Bremse, its customers and vehicle operators.”
Fleet operators, in particular, are counting on digitalization in order to offer attractive, intelligent transport solutions. This includes predictive maintenance for components and assistance systems that will enable automated train operation (ATO) in the future. Such developments are accompanied by greater connectivity and permanent online connection of fleets that used to be operated offline. Fanuli assumes that low-cost standard technology is being deployed in many cases – which could present a target for hackers. “This is precisely why cybersecurity must reduce these risks and safeguard vulnerable standard solutions.”
Increasing connectivity: which systems need special protection?
According to the experts, this question can best be answered by conducting a risk analysis. Vehicle central computers are particularly important here, as they are connected to the outside world and control all subsystems. Alongside the braking systems present in trains and trucks, these include boarding systems for trains, and sometimes the steering system in commercial vehicles. With risks this high, Knorr-Bremse expert Katona believes that a double layer of protection is essential: “On the one hand, we ensure secure data communication between two end points, for example two subsystems, but it’s equally important to safeguard each individual device.”
Preparation is everything: an early warning system for attacks
Especially for communication between devices, “endpoint protection” plays an important role. Computer chips encrypt important data to prevent unauthorized access. The chips also verify the identity and integrity of control software using a kind of fingerprint. This enables them to immediately detect any fakes or manipulations.
In the future, new devices will also receive a kind of digital, tamper-proof ID in the form of a security certificate. To manage the certificates, Knorr-Bremse is currently setting up its own infrastructure – a Public Key Infrastructure (PKI). This cloud-based service automates the secure management of certificates. Above all, this calls for good teamwork: “We have to plan such measures in coordination with the development department from a very early stage in order to get the hardware and software design right,” says Fanuli. They are complemented by additional protection at the software code level. “After all, the measures need to cover the entire life cycle of the product, which can be several decades for rail vehicles. It is almost impossible to retrofit certified vehicles that have been approved for each individual country.”
As an additional element of the security concept, data communication during operation is analyzed for recurring patterns. If the data flows indicate anything unusual, the system triggers an alarm. Péter Katona emphasizes the benefits of this early warning system: “Serious attacks always build up over a significant period of time. This practice, known as threat monitoring, can prevent them from developing.” Furthermore, embedded cybersecurity offers opportunities for new business models, as Fanuli underlines: “As well as the hardware, our customers need services and training.”
Close international cooperation between Truck and Rail
The individual Knorr-Bremse brands have also set up an international core team of around 16 experts who work in collaboration with four colleagues from the Cybersecurity Competence Center. In the Truck division there is already close cooperation with the Knorr-Bremse subsidiary Bendix in North America. Fanuli still sees some challenges ahead, but remains confident: “The market demands new solutions – and we will deliver them. The most important thing is to cultivate in-depth dialog with our customers.”
What is the Defense in Depth concept?
It denotes the combination of coordinated, complementary protection measures, working on the premise that any individual measure might be breached. Only in combination do they offer optimum overall protection.
1. PROTECT
As early as the development and design stage, all devices and systems must be adequately protected against potential attacks.
2. DETECT
Not every threat can be avoided one hundred percent of the time. But the risk of damage from an attack can be reduced. To this end, protective mechanisms are already built in from the development stage to block potential attacks. Should the defenses ever be breached, the alarm will be raised.
3. RESPOND
If an incident occurs in spite of all protective measures, quick reactions and effective management are essential to minimize the damage.