Abstract
State-of-the-art rail systems require reliable, redundant, critical and secure communications. Data integrity is paramount, given how critical it is that the data payload remains secure in applications that run 24/7, year-round. With technologies such as Communications Based Train Control (CBTC) and Positive Train Control (PTC) being implemented, considerations for data integrity in these networks must include methods to avoid both internal and external vulnerabilities.
Unlike traditional encryption methodologies, newer techniques involve tunneling payloads across open or closed networks, which may include public, unsecured networks. By utilizing a unique security appliance tunneled to a remotely connected network operations center, it is possible for a rail system to subscribe to a service to obtain military-grade data security capabilities and distribute secured communications throughout its operational territories via low-cost data networks. This “security as a service” concept is especially useful for landlord/tenant relationships that would previously have required duplicative system elements.
Security-as-a-service encryption methods commercially available for rail applications typically fall into one of three color-coded categories: green, red and gray. Green networks offer a single-layer solution using NSA-approved cryptographic algorithms and are completely isolated from the other methods. Red networks are highly secure, utilizing diverse layers of different algorithm types. Gray networks provide a secure gateway between red and green networks in order to effectively manage network and operational risks.
In the case of large freight territories, security as a service can help reduce network costs while improving security. For passenger rail systems, communication-based signaling systems should be strongly protected against data vulnerabilities resulting from either unintentional or malicious access to critical networks.