CONTACT US: Contact info
|
Citation |
Pizzi G. Transp. Res. Proc. 2020; 45: 250-257. |
|
Copyright |
(Copyright © 2020, Elsevier Publications) |
|
DOI |
|
PMID |
unavailable |
|
Abstract |
Vulnerabilities and hacking cases in transport systems are already documented. In the last two or three years guidelines and methods for cybersecurity in transport systems have been drafted and the importance of convergence of safety and cybersecurity has been stressed. Many companies today offer products and services for this field. There is the risk, however, that such an important matter will be considered as a formal fulfillment. In order to promote a real awareness about vulnerabilities affecting transport systems technologies, which rely mostly on embedded devices, and about the attacks that can exploit them, we use as an example a real incident involving a safety-critical subsystem of a railway vehicle (that we think of as a "cyber-physical system") to develop a case study concerning a cyberattack, aiming to show that devices and technological systems vulnerabilities must not be neglected in risk analysis. Conversely, they must be taken into account the same way as hazards in safety assessments for an effective integration between cybersecurity and safety. Therefore we propose an attack-fault tree for the case study as an example of integrated risk analysis. Language: en |
|
Keywords |
attack-fault tree; cyberattacks; cybersecurity standards; cybersecurity-integrated safety; transport systems vulnerabilities |