Modern railway systems are a great example of critical infrastructure where it is too risky to use the ‘live’ network for cybersecurity testing, but where such testing is essential to ensure continuity of service.
Railways are complex collections of information technology (IT) and operational technology (OT) systems, linked by wired and wireless networks, that merge cyber and physical domains. Each train is a mobile collection of mechanical systems, controlled by Supervisory Control and Data Acquisition (SCADA) solutions and interconnected by serial protocols. Together, all the individual trains are managed locally by IT systems while being remotely monitored and increasingly controlled from centralized control stations. And there are numerous other systems involved too, such as lighting, ticketing and information displays.
This multifaceted critical infrastructure environment needs to undergo regular, rigorous cybersecurity testing – and the only safe way to do it is in a non-production environment. This approach is best practice for critical infrastructure systems to ensure cybersecurity tests do not disrupt operational services or increase the system’s vulnerability. The challenge, however, is that it is often impossible for railway operators to replicate their entire IT, OT and physical railway systems.
RHEA’s CITEF™ solution provides a flexible, adaptable virtualization platform that enables emulation of complex system environments, such as railway networks, in a way that allows them to be rigorously tested against advanced cybersecurity threats.
CITEF goes beyond the general capabilities of a cyber-range by providing a hybrid cyber–physical capability, allowing real-world physical OT devices to be connected into any scenario. This ability means CITEF can deliver a comprehensive replication of any railway system, and other complex critical infrastructure, to support cybersecurity testing in a cost-effective, non-production environment. The aim is to make sure that it will never be a cyberattack that stops trains from running.