How to improve the protection of multimodal transport against cyber-attacks?

Over the last decade the multimodal transport has faced cyber incidents increasing the fears of citizens. Here are such examples:

  • June 6, 2016 – The Washington Post reported that Dallas road signs were hacked and messages about Donald Trump and Harambe the gorilla were posted.
  • May 13, 2017 – The Telegraph reported that WannaCry infected German train stations, and passenger information monitors were seen displaying the ransom message.

With the emergence of information digitization, ICT (Information and Communications Technology) infrastructure and data communications gave an unprecedented push towards the realization of truly interconnected transport systems, mainly observed at city level. The mosaic of ICT services that a city-level multimodal transport ecosystem integrates over interconnected infrastructures, fleets, devices and applications and the plethora of its interfaces makes it increasingly vulnerable to cyber-attacks and eases the threats propagation.

In order to protect multimodal transport against cyber-attacks, the CitySCAPE project will build an interoperable software toolkit that seamlessly integrates to any multimodal transport system with the following purposes:

  • To enforce prediction of zero-day attacks
  • To detect suspicious traffic and data flows
  • To evaluate the technical and financial impact of a cyber-attack
  • To train relevant authorities and improve the circulation of information among them

The prediction of zero-day attacks relies on a collaborative threat investigation platform that allows cyber threat intelligence teams to follow and discover new Advanced Persistent Threat groups targeting the transport domain. The toolkit will leverage IDS/IPS (Intrusion Detection System/Intrusion Prevention System) engines and a Security Information and Event Management system functioning as a correlation engine with backlog of markers to detect suspicious traffic and data flows. As for the assessment of the technical and financial impact in the event of a cyber-attack, it is based on a risk analysis and impact assessment engine as well as a financial impact assessment engine. The toolkit also includes a collaborative security incident response platform that will allow CERTs/CSIRTs (Computer Emergency Response Teams/Computer Security Incident Response Teams) to perform collaborative analyses on incident responses. Finally, a CyberRange, an advanced simulation solution that allows to easily model IT/OT (Information Technology/Operational Technology) systems and simulate realistic scenarios including real cyber-attacks, will host the toolkit and be used to train Security Operations Center teams and CERT/CSIRT authorities.

Airbus CyberSecurity is a fully owned subsidiary of Airbus Defense & Space specialized in cybersecurity. Airbus CyberSecurity protects governments, critical national infrastructures and industries across Europe against increasingly sophisticated cyber-attacks 24/7. With a presence in France, Germany, the UK and Spain, Airbus CyberSecurity has highly skilled and experienced experts developing market-leading solutions in: Encryption, Key Management, Security Operations Center, Threat Intelligence, Industrial Control Systems and Cyber Security Consultancy.

Based on its broad experience and expertise in cybersecurity, Airbus CyberSecurity is leading WP5 “CitySCAPE security layer implementation” and is mainly involved in the development of the collaborative threat investigation platform and the development of the collaborative security incident response platform. In addition, Airbus CyberSecurity implements the correlation engine with a backlog of markers. Airbus CyberSecurity will also lead task T6.2 “CitySCAPE stack integration” to build the CitySCAPE toolkit and will provide the Airbus CyberRange for WP9 “Training, awareness and high impact dissemination”.