In recent years, cybercrime has become an increasing threat to public security, companies, infrastructures and citizen safety. Cybersecurity improvements (regulations, standards, recommendations) have been made in several sectors, such as the healthcare, financial and energy sectors, but not yet in the multimodal transport sector.
CitySCAPE is a project funded by the EU’s Horizon 2020 research and innovation program, which consists of 15 partners from 6 European countries, united in their vision to cover the cybersecurity needs of multimodal transportation. One of CitySCAPE’s results is the CitySCAPE software toolkit. This toolkit will:
- Detect suspicious traffic-data values and identify persistent threats.
- Evaluate an attack’s impact in both technical and financial terms.
- Combine external knowledge and internally observed activities to enhance the predictability of zero-day attacks.
- Instantiate a networked overlay to circulate informative notifications to CERT/CSIRT authorities and support their interplay.
To complete this overview, the way these systems take cybersecurity into account is also addressed from the normative and qualification process (labelling) angles.
Thus, the study of the implementation of a dedicated standard and that of a Cybersecurity label are at the heart of the work carried out within the framework of CitySCAPE.
The objective of the cybersecurity label is to verify and share whether the multimodal transport information system has a certain level of security. The challenge is that assurance is expensive, and existing high-assurance-level evaluations (like Common Criteria) are not affordable for large and complex systems with an active update life cycle. The objective of this label is to be less expensive and less time-consuming than existing labels and adapted to assurance continuity.
The labelling process thus defined is based on the following:
- The result of an in-depth analysis of existing labels, mainly: Common Criteria, ENISA at European level (EUCS), ITxPT and national labels such as CSPN issued by the French ANSSI.
- The state of the art of cybersecurity: risk analysis, mastery of vulnerabilities and threats, and effective means of investigation and reaction (thanks to the CitySCAPE toolkit).
- The work carried out within the framework of the CitySCAPE project, in particular lessons learnt from pilot actions and the risk and threat analysis of multimodal urban transport systems and its proposal for a dedicated Security assurance methodology.
- Finally, the analysis of the specificities of transport systems that may have an impact on their safety.
The labelling process for multimodal transport systems relies on three components:
- The process itself, which is composed of nine interdependent stages.
- The responsibilities of the stakeholders in charge of monitoring the process.
- The labelling process follow-up document, which supports the process.
The identification of assets, their level of criticality and the analysis of vulnerabilities make it possible to identify the critical and non-critical components considered by the labelling process with appropriate means. This segregation of assets in turn makes it possible to concentrate efforts and resources on critical assets.
Ultimately, the adoption of this label should make it possible, through a shared process, to have a shared level of confidence at European level in the good practices and the resilience of urban multimodal transport systems.
“This work is a part of the CitySCAPE project. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 883321. This content reflects only the authors’ view and the European Commission is not responsible for any use that may be made of the information this publication contains.”
CS GROUP has a differentiated position in the digital services market. A European mid-size company with a culture of entrepreneurship, it is agile and innovative and possesses a high level of technical and professional expertise. CS GROUP is the trusted partner of leading French and international groups for the digitalization of operational systems. We design, develop, deploy, maintain and operate smart, safe and interconnected systems. These systems, based on innovative solutions and products, guarantee the efficiency and security of our clients’ operations and critical missions with extremely exacting requirements.