No less a person than Albert Einstein once said: “The definition of genius is taking the complex and making it simple.” The words of the famous physicist came to mind on a recent visit to the control room of a metro network, where the staff showed us the huge array of data that is now available to them. These immense quantities of data, along with the increased number of networks, applications and devices that are employed across rail and metro networks, have changed how our industry works, irrevocably. And when it comes to signalling and train control, digital transformation offers both huge opportunities and some significant challenges, as Daniel Faurlin from Alcatel-Lucent Enterprise explains.
Although traditionally serial-based, rail and metro communications networks are moving to IP and, in wired networks specifically, to IP/Ethernet. As part of this move, a modern rail network now typically operates sub-systems off an access backbone network within the core network. The sub-systems usually consist of communications systems (e.g. voice, radio and public networks), security systems (CCTV, access control, operations centre day-to-day and crisis operations), electro-mechanical and BMS (SCADA), information systems (public address, information, commercial messages) and business applications (ticketing, CRM and retail).
These sub-systems use technologies enabled by the Internet of Things (IoT), in some cases with sensors across the train and track-side feeding a stream of information on everything from anomalies in speed, temperature and mechanical defects on railways, to the number of rail cars waiting at a station. The tech that ALE supplies to railways around the world ensures this critical information is processed and acted on to maximize passenger safety. These sub-systems can reduce congestion and energy use, and improve operational performance. For example, Power over Ethernet simplifies device and sensor installation by eliminating the need for wiring in hard-to-reach and sometimes dangerous places.
IoT devices enable a diverse set of applications but they are all linked by a common thread: connectivity to a network infrastructure. However, while sub-systems connected within an IoT network offer a host of positives, they can also create potential problems.
This article was taken from Fast Forward, a 24-page publication featuring reactive infographics and thought provoking editorials on some of the key challenges facing 21st century transport, including passenger safety and experience and operational efficiency.
All rail sub-systems are vulnerable. In a poorly designed network, a compromised IoT device can provide a gateway to the rest of the network and other sub-systems. Attacks on non-critical networks like passenger Wi-Fi may seem, at the time, like an inconvenience rather than a major problem but can leave the entire network exposed to cyber criminals. With systems now having 100,000s+ of connected devices that could be vulnerable, the need for security has never been more relevant. The hack of the San Francisco public transport system’s ticketing machines in 2016, and the WannaCry ransomware, have highlighted this. But a properly designed network, as deployed and built by ALE with appropriate security measures, will reduce the risk of successful cyberattacks.
ALE minimises risks by using IoT containment to separate and secure specific devices or a group of devices on a network. Each key system, for example ticketing or video surveillance, is in a different virtual network container for a business-critical network, so should one be compromised the whole network doesn’t fall victim. This approach is essential to maintaining security. ALE offers a physical network but with multiple virtual networks. As a result, there are no back doors. We recommend a separate safety-critical network for signalling, using the same containment approach to secure a virtual backup network.
The focus from the team at ALE is to simplify IT for rail and metro with a single network management system. And this simplification of design has benefits beyond just keeping the network safe and secure. In our conversations with rail and metro operators, a key concern over major investments is their ability to keep pace with often rapid technological change and avoid obsolescence. There have been several recent examples where an upgrade of a system has cost more than the original equipment purchase.
ALE is keenly aware of this potential barrier, and ensures that the networks are scalable and are easily able to absorb new devices as they grow and evolve. Hardened gigabit Ethernet switches designed for outdoor deployment feature Power over Ethernet (PoE) to ensure scalability and simplify device and sensor installation.
Similar to overcoming operators' concerns about adopting a digital network, ALE user-centric solutions ensure that staff are up and running quickly with the new technology. And the award-winning Intelligent Fabric (iFab) technology helps get teams operational, faster, with self-healing and automated device discovery abilities.
With ALE networks often operating outside, trackside and in harsh conditions, robustness is another key requirement. ALE switches and sensors are within a hardened equipment solution with a ruggedised design. They are designed based on the needs of transportation customers. Because of the tough environment found at the track-side, these devices need to be hardened to support extreme temperatures, fan-less because it’s a dusty environment and, in addition, able to cope with temperature, vibration, shock and humidity. And we provide the only rugged switch that supports Shortest Path Bridging (SPB), a computer networking technology that helps build better bridged networks and significantly reduces re-convergence times, avoiding the high price of Multiprotocol Label Switching (MPLS) and limitations of Spanning Tree Protocol (STP).
The ALE approach offers a physical network with multiple virtual networks, along with a comprehensive layered approach to provide network security to minimise risks from cyberattacks. This focus also ensures that costs are lower than conventional networks, roll out is easier and expanding and amending the network in the future is straightforward. ALE is proud to deliver networks to a growing number of rail and metro operations around the world and provide both improved safety and efficiency.
Daniel Faurlin is business line manager for vertical network solutions at Alcatel-Lucent Enterprise.