IEC 62443 and the Pillars of Cybersecurity by Andrew Chan, Product Manager – Industrial Communication, Siemens

Transport operations are being shaped by the accelerated developments in technology and the realized benefits of the Internet and data. The challenge lies in achieving a digital transformation without jeopardizing the operational safety or exposing it to security vulnerabilities, all while addressing cybersecurity concerns and being cyber resilient.  

Transport operators are under pressure to improve all elements in operations and service delivery while being measured on profitability. In a digital age, especially as connectivity becomes more widespread, stakeholders in the transport sector require accurate and timely information that allows them to make informed decisions faster.  

Two concepts are commonly referred to in the cybersecurity world: (1) Security Levels and Maturity Levels from the IEC 62443 standard, and (2) the defence in depth concept. 

IEC 62443 is a series of international standards for securing Industrial Automation and Control Systems (IACS). An increasing range of technologies and processes are designed to comply with such standards, where every stage of the value chain and stakeholder is covered to enable standardized risk assessments and mitigation measures.  

Recognizing that not every system is equally critical, IEC 62443 defines four security levels (SL): from SL 1 (resistant to coincidental violations) to SL 4 (resistant against nation-state attacks). This applies to the component or system level and is something that many railway experts recognize as the security equivalent of the Safety Integrity Levels (SIL). Similarly, Maturity Levels (ML) are defined from ML 1 (ad-hoc processes) to ML 4 (evidence of documentation, process, practice and continuous improvement). These levels allow a clear and easily understood expectation of an organisation’s security posture. 

We can improve our cybersecurity posture by applying a defence in depth approach. Defence in depth is the concept of protecting a network with a series of defensive mechanisms such that, if one mechanism fails, another will already be in place to thwart an attack. Because there are so many potential attackers with such a wide variety of attack methods available, there is no single method for successfully protecting a network.   

Applying a defence in depth strategy will significantly reduce the risk of having a successful and likely very costly attack on a network. As the leading actor for accidents and faults, the “people” aspect is paramount to drive strong processes, the next pillar. “Processes” and standards need to be properly defined to protect against unintentional errors and form a baseline for the handling of threats and managing controls. “Technology” is the use of hardware (such as data diodes) and software solutions and strategies to achieve a cyber secure system.  

An overall defence in depth approach builds on a union of people, processes, and technology. Each pillar and its implementation will be unique to every organisation as they will have security levels and maturity levels. As we push and strive for innovation and transformation in our transport sector, we must recognise the importance of a holistic cybersecure strategy.  

Key trends in cyber security

 

Image: Pillars of Cybersecurity – People, Process and Technology. Source: Siemens 

President’s Letter – May 2021

Hi everyone and welcome to another edition of YTP’s quarterly newsletter. I hope you enjoyed learning more about YTP, our Committee members and the wide world of transport and are looking forward to another update! 

Since our inaugural newsletter release in January, the YTP Committee has been adjusting to Australia’s new normal. After 6 months of virtual communication, it’s been a refreshing change to meet in person – several of us for the first time at Barefoot Bowls in March! Check out this quarter’s events recap to read more about the evening, as well as the Downer Rollingstock Maintenance webinar series and our upcoming events. 

Also in this edition, we shine a light on key members of the Committee. In our regular ‘Get to Know the Committee’ feature, learn more about our Treasurer and Vice President, Adnan Alam, and our Communications and Digital Coordinators, Michael Greenwood and Russell Oliver, their different experiences in the transport industry and what they love about it. Our Membership Coordinate, Andrew Chan, gives us ‘A Minute on Cyber Security’, containing extracts from his AusRAIL presentation from last year: The Cybersecurity Challenges of Railway Data. 

As always, I would like to thank our industry partners, the Aurecon Jacobs and Mott MacDonald Joint Venture, the Victorian Department of Transport (DoT) and Metro Trains Melbourne, for their continued support. In particular, I would like to thank Emma Miller-Olsen, Operations Manager for Regional Roads Victoria (DoT) and one of Engineers Australia’s 2020 Professional Engineers of the Year, for taking part in our new  ‘A Day in the Life’ feature, along with key representatives from the Barwon South West Region. 

Our inbox is always open, so please get in touch if you have any suggestions on how we can improve articles or if you would like to contribute. Happy reading! 

Events Recap – Q2 2021

YTP Christmas Trivia 

After a long year, YTP celebrated the end of 2020 by hosting a virtual Christmas Trivia. The evening was a fun and eventful night filled with a variety of general knowledge and transport related questions. We also hosted breakout rooms to allow participants to meet new people and interact with others throughout the night. The event allowed us to see the competitiveness and imaginative drawings from our membersas well as the great banter between our hosts Anita and Edward. It was a great way to end a difficult year. 

Downer Webinar Series

Due to the uncertainty of restrictions, YTP decided to continue to host its next event online. We kicked off the New Year with another collaborative event, this time with Downer’s Rollingstock Services. The webinar series were run over two weeks covering the topics of Maintenance Best Practice on Optimisation and Automation. As the webinar was hosted during the day, it was a great opportunity for members to take a break during their work to see the steps Downer have taken to enhance their maintenance capability as well as their involvement with RMIT University. With the success of this event, we hope to be able to bring more collaborative series in the future.

YTP’s 7th Annual Barefoot Bowls

YTP’s first in person event was a success! It was great to once again see everyone in person for a great night of socialising and fun. At the time of organising this event, we were all a bit cautious in the case of an unexpected lockdown or possible reintroduction of restrictions. Thankfully the event was able to go ahead and it was enjoyed by many members. It was great to see both old members returning and new members attending their first event. We are hoping to put on more social events soon and ensure we can continue to put on more social events despite the uncertain circumstances.

This was also a different barefoot bowls compared to previous years as it was a self-funded event. Despite this, the event was successful and it was great to finally see everyone in person again after more than a year. A special thanks to Richmond Union Bowling Club for continuing to host us and allowing us to put on a great event.

Upcoming Events

The events team is currently in discussions with Siemens to host our quarterly forum. More details are to come soon. We are also hoping to facilitate some in person networking events in the CBD in the near future so make sure you follow us on social media and have signed up for emails to ensure you can get your hands on tickets as soon as they’re released! We looking forward to seeing many of you in-person and virtually again soon.

Get to the know the YTP Committee – Michael, Russell & Adnan

This quarter, get to know a little more about YTP Communications Coordinator, Michael Greenwood (MG); Digital Coordinator, Russell Oliver (RO); and Treasurer, Adnan Alam (AA). Michael currently works as Digital Engagement Coordinator for ARTC; Russell is currently an Integration Engineer with MTM; and Rail Systems Alliance and Adnan is a Secondary Systems Engineer at Metro Trains Melbourne. 

Michael, Russell, Adnan

Q: How many years have you been in the transport industry? 
MG: I have been in the transport industry just over two years but have worked in engagement for almost 10 years.  

RO: This year is my 4th year in the industry.  

AA: Just like RussellI have been in the transport industry for just over 4 years 

Q: What are some of your responsibilities as part of the YTP Committee?  
MG: As the Communications Coordinator I am responsible for the quarterly newsletter, sending out event invites, surveys, and all general member communication. I provide input on the content that goes out and am currently working with Russell to help with the development of the website.  

RO: As Digital Coordinator I have been responsible for administering the YTP website, creating graphics for use on your website and other media channels. 

 

AA: As the Treasurer, I am responsible for maintaining accurate records of the finances of YTP. This includes ensuring we meet our legal obligations as an incorporation from a financial perspectiveI am also the vice-president of YTP this year which means I help with general administration and running of YTP when required. 

Q: How did you enter the transport industry? 
MG: I moved to Australia from Scotland and never really had my eyes set on the transport industry. After about four months of being here I was offered a job with ARTC through a recruitment agency, and never looked back! I took on a full-time position and found myself absolutely loving the industry.  

RO: I entered the industry as a graduate with Rail Projects Victoria or the Melbourne Metro Rail Authority as it was known then, which was a fantastic starting point. I got to see how large projects are managed from a client/government side all the way to being onsite supervising construction activities 

AA: I joined MTM over 3 months as a 3rd year electrical engineering student looking to complete his work experience. The 3-month contract turned into a part time employment through my final year at university, followed by 2 years in the graduate program. I moved into the internal design space soon after. 

Q: What is your favourite thing about working in transport? 
MG: Learning all about Australia, the people, the rural communities, and how transportation is shaping Australia for the future. I work on the Inland Rail project so getting to understand the needs and wants of stakeholders across three states is a fantastic experience. Going out into the field and meeting people is a great perk! 

RO: I think it’s the knowledge that the projects you work will contribute to making in some way thousands or even millions of people’s lives just a little bit better by improving the way they can get to work, school or that important medical appointment on time. 

AA: For me it has always been about making a difference. I have had the opportunity to work on some major city shaping projects and Victorian firsts across the network where I am honoured to be able to have had some input which resulted in real change. While it might be recognised on a public forum, making that difference, and having that proud, “I did that” moment is my favorite thing about working in transport. 

Q: What innovations are you looking forward to in the transport industry? 
MG: I am interested in the data analytics side and how people engage with large projects. Input from the public is very important and giving an equal voice to everyone in the community is a vital step in any major project. Finding new ways to communicate and share knowledge is something I would love to see developed.  

RO: Semi and fully autonomous transport systems have the capability to make all forms of transport safer and more reliable which I think in turn will allow for more focus on the passenger experience. 

AA: With the spotlight on climate change and transitioning to cleaner fuels, I am looking forward to innovations in engine efficiencies and regenerative power resulting in a cleaner network.