"In the end every company has some data that they don’t want to get into the wrong hands – be it internal communications or research results. Our research aims to detect such data exploitation."
For an industry as large and all encompassing as transport, data plays a huge role in its present and future – with vast quantities of information now available that can help improve applications as varied as signalling, ticketing, safety and maintenance. Naturally, being in possession of such sensitive information brings with it a risk, so preventing it from falling into the wrong hands is a priority. For the latest 5 Minutes With… we are lucky enough to have an academic, Steffen Wendzel from the University of Applied Sciences in Worms, Germany, who’s focusing his attention on helping keep data safe and free from exploitation.
The professor from the university to the south west of Frankfurt speaks to SmartRail World’s Dave Songer about the many considerations that need to be taken in keeping critical data secure, the future of artificial intelligence as he sees it and what he’ll be covering at the SmartRail, the Munich show he’ll be speaking at in June.
DS: Excellent of you to join us, Steffen. You don’t work in the transport industry as such, but you do work on systems and products that are used in it. Can you tell me about them?
Steffen Wendzel (SW): We basically have two things but the major point concerns data leakage protection. In the end every company has some data that they don’t want to get into the wrong hands – be it internal communications or research results. Our research aims to detect such data exploitation; let’s say that your organisation gets hacked and then someone tries to extract the data under the radar to avoid detection. To help strop that we’ve developed an artificial intelligence (AI) system that recognises it is happening, thanks to the development of algorithms that keep confidential documents, plans, internal reports and other sensitive data safe.
The second is fundamentally different from the first. We started working on it in January – so I can’t tell you too much about it as we don’t have any results yet – and it’s about registering manipulations on industrial control systems in the data that’s stored. This is particularly useful in the rail sector as you need to remotely control several key components of infrastructure – because if you can detect manipulations on systems that are designed by the attackers to appear legitimate then it’s very difficult to detect them.
But what if they’re actually causing damage? That’s why we want to find them in such a way that hopefully we’ll be able to distinguish legitimate modifications from the illegitimate ones. It’s a multi-purpose and multi-domain tool that uses AI to learn how the systems and data look and how it historically changes – for instance, through a process of optimisation we learn a lot about the data and after some time we are in a position to judge what is an anomaly and what isn’t and where you should react and how quickly.
To see Steffen and live discussions on the topics covered in this interview, visit SmartRail in Munich on 17-19 June, when infrastructure managers, passenger rail and freight operators and industry suppliers will cover the latest developments.
Confirmed speakers slots at the 3-day event include CTOs and CIOs from Deutsche Bahn, SNCF, Translink Arriva CZ and FS Italiane.
Visit the show website to see the agenda, speakers and register for the show.
DS: So, do you think AI will play a big part in rail?
SW: It’s hard to say how it will develop for the whole industry but I would assume that it helps optimise the network, so I would expect that for these purposes it’s a good tool. The results from AI are of high quality because the standard and traditional approaches of detection simply don’t compare to AI, which usually provides higher accuracy and higher precision. These results are much more attractive for major organisations. In academia it doesn’t matter so much, but if you’re in a major organisation and use traditional means to detect, for example, 1,000 alerts a day – 99% of which are false positives – that’s a huge amount of manpower. And it’s slow. Nobody really wants to do that, and with machine learning you get higher detection results – it will reduce costs, increase efficiency and also effectiveness of the investments and the money you spent on your staff and the tech. It has many advantages.
You do also need to exercise caution when using it, however, as if you use the wrong thing you’re not aware of it then you detect information that you don’t want to detect and in the end you get into trouble because of that. The case of Volvo in Australia in 2017 is a great example of this. The car manufacturer fitted a car with AI used for detecting large animals on the road, such as a dog that ventures into the road. The problem is the car failed to recognise kangaroos because they reflected a very different movement pattern that it wasn’t capable of recognising.
In the rail context, if you want to recognise humans or living creatures then you need to build the technology into the locomotive to detect whatever is on the track. Then you need to consider these elements and also information based on the region and the world in which you operate. You can’t do too much testing. AI is not the perfect solution for everything but it can help improve many things especially detecting threats and also vulnerabilities.
If you want to recognise humans or living creatures then you need to recognise these elements then you need to build the technology into the locomotive to detect whatever is on the track then you need to consider these elements and also information based on the region and the world in which you operate. You can’t do too much testing. AI is not the perfect situation for everything but it can help improve many things especially detecting threats and also vulnerabilities.
DS: What is the biggest professional challenge you’ve faced?
SW: Getting funding for our work is always a challenge! But I’d say from a technical perspective it’s more of a time problem; there are always so many ideas and so much stuff we want to work on but there is limited time. That’s the broad problem of academia – people around have many, many ideas and they are very dedicated but the limitation is often time.
DS: You’re due to speak at SmartRail in June – what do you think you’ll cover at the event?
SW: Data leakage protection: how it works, the scenarios behind it, how data can be exfiltrated and also what the typical cases that we monitor are. It could be internal staff members who want to switch to another company who are unsatisfied want to leak data or are paid for it by a competitor – things like that. I also think I will briefly speak about the Europol EC3-supported initiative called 'CUING', where we analyse the criminal use of data exfiltration. CUING is non-profit; we want to make the topic more public and help protect companies and individuals – and also governmental organisations – from data exfiltration. We also want to highlight the information that is available – it’s not about making money but telling people what’s going on and how to deal with this problem.
DS: Finally, we like to ask people where in the world their favourite rail journey is – where is yours and why?
SW: If you travel the around two hours between Mainz and Bonn in Germany, which has been a pretty regular trip for me in the last five years, you can enjoy several vineyards from the window of the train. Not only that but also wonderful mountains, countless castles, and the Loreley [pictured] – the train track goes along the Rhine river and through historic cities.
If you enjoyed this, check out our last with:
Darren Caplan, chief executive of the Railway Industry Association.