Cyber security at the heart of Leroy’s innovation strategy
Demand for the digitization of on-board train system architectures is growing fast, both for new-build rolling stock and for train fleet modernization projects. Today, train control and monitoring systems (TCMS), passenger announcement and passenger information systems (PA-PIS), auxiliary and traction power converters, and energy storage systems are all interconnected through Internet Protocol (IP) networks and Ethernet-based end-devices. Networking is omnipresent in mission-critical train system architectures, and these network architectures must be resilient to vulnerabilities and cyber threats so that sensitive data is protected from unwanted and unauthorized sources.
Hardware and software firewalls provide a first line of defence by monitoring and filtering network traffic against a defined set of security rules. However, they may not suffice to protect system architectures against cyber-attacks (misconfiguration, misuse of password rules, vulnerability to internal threats, etc.).
For these reasons, Leroy Automation is developing a range of hardware-based Ethernet data diodes, or cyber train communication gateways. These EN 50155-compliant data diodes will guarantee that data messages between two nodes or pieces of equipment travel in a single direction only, from a source that only sends to a destination that only receives.
Such IP-based devices would make it possible to secure data communication channels:
- between two end-devices, with no interference or jamming back to the source and, more generally, no hacking from destination to source;
- between two independent train communication networks to exchange safety data such as train speed information from TCMS to PA-PIS subsystems.
The first released product will be announced at the SIFER 2023 railway trade fair – Stay tuned for more details!