Demonstrator development for the use of Formal Methods in railway environment and Support to implementation of CSIRT to the railway sector - S2R-OC-IP2-01-2019

Deadline: Jun 18, 2019  
CALL EXPIRED

SPECIFIC CHALLENGE

Shift2Rail has identified the use of formal methods and standard interfaces as two key concepts to enable reducing the time it takes to develop and deliver railway signalling systems, and to reduce high costs for procurement, development and maintenance. Formal methods are needed to ensure correct behaviour, interoperability and safety, and standard interfaces are needed to increase market competition and standardization, reducing long-term life cycle costs.

To widen industry take-up of these key aspects, Shift2Rail plans demonstrating technical and commercial benefits of formal methods and standard interfaces, applied on select applications.

The industry survey performed in TD2.7 has identified the learning curve and uncertain cost/benefit ratio as obstacles: the decision to start using formal methods is deemed too risky by management. Shift2Rail proposes to define and prototype a demonstrator of state-of-the-art formal methods, including the use of standard interfaces, to address obstacles of learning curve and lack of clear cost/benefit analysis.

The dramatic rise in the cybercrime targeting Industrials Control Systems (ICS) over the past years and the development of Intelligent Public Transport requiring a high level of integration of transport systems highlighted the need of cyber-security coordination between railway operators. Such coordination will require, in most of the cases, system integrator and railway manufacturer involvement.

In order to face such challenge, a network of cyber security experts dedicated to railway sector is to be developed.

In order to create and coordinate this network, Shift2Rail proposes to define and prototype a CSIRT (Computer Security Incident Response Team) collaboration tool fulfilling the specific needs of the railway sector.

The need of such collaborative tool has been emphasised over the time by the publication of the NIS Directive that requires coordinated cyber security incident reporting for critical infrastructures.

SCOPE

The activities shall cover:

•   Defining of formal development demonstrator with measured cost/benefit ratio and assessed level of learning curve for industrial application;

•   Defining and prototyping the CSIRT collaborative environment devoted to railway.

The proposals should address all work-streams described below, in line with the Shift2Rail Multi-

Annual Action Plan (MAAP):

1. In the framework of the introduction of Formal Methods in railway environment (linked with TD2.7 of the MAAP) the activities are expected to:

a. Describe and specify cost/benefit ratio and learning curves required, based on already developed use cases in Shift2Rail;

b. Create formal development demonstrator for railway signalling sub system using standard interfaces, exemplifying cost/benefit ratio and learning curves.

Foreseen achievable Technology Readiness Level: TRL 4

An indicative scheduling of the deliverables is suggested below48:

•   “Specification of formal development demonstrator” 1st draft: by M6;

•   “Formal development demonstrator prototype” 1st draft: by M12;

•   “Specification of cost/benefit analysis and learning curves” 1st draft: by M16;

•   “Formal development demonstrator prototype final release: by M20;

•   “Specification of cost/benefit analysis and learning curves” final version: by M24.

2. In the framework of the introduction of the Cyber Security in the railway sector (linked with TD2.11 of the Multi Annual Action Plan) the activities are expected to cover the following points:

•   To capture and specify the information sources, workflows and data flows required for

  the implementation of the CSIRT dedicated to railway sector, based on input to be

  provided by complementary activity;

•   To specify, implement and validate prototype of the CSIRT collaborative environment

  dedicated to railway, based on the CSIRT workflow model and on the recommendations from the complementary activity.

  The proposals should address all work streams described below, in line with the Shift2Rail Multi- Annual Action Plan (MAAP).

  In the framework of the standardisation of the cyber-security approach for railway (TD2.11), the activities are expected to liaise with the following member activities:

1. “TD2.11.8 CSIRT: Combining expertize – Designing a holistic knowledge base”: Shift2Rail will provide to the Open Caller a common “ontology” and a description of the current incident management workflows at operator, system integrator and manufacturer levels.

2. “TD2.11.9 CSIRT: Validation of CSIRT model dedicated to railway”: Shift2Rail will review and validate the Open Caller proposition for the definition of CSIRT workflows inside and between each organisation.

3. “TD2.11.10 CSIRT: Validate CERT collaborative environment »: Shift2Rail will review and validate the Open Caller proposition for CSIRT collaborative environment.

Foreseen achievable Technology Readiness Level: TRL4
An indicative scheduling of the deliverables is suggested below49:

•   For “CSIRT model dedicated to railway” 1st draft: by M7;

•   For “CSIRT model dedicated to railway” final release: by M11;

•   For “CSIRT collaborative environment prototype” 1st draft: by M16.

•   For “CSIRT collaborative environment prototype” final release: by M20.

COMPLEMENTARITY

As specified in section 2.3.1 of AWP 2019, in order to facilitate the contribution to the achievement of S2R objectives, the options regarding 'complementary grants' of the S2R Model Grant Agreement and the provisions therein, including with regard to additional access rights to background and results for the purposes of the complementary grant(s), will be enabled in the corresponding S2R Grant Agreements.

The action stemming from this topic will also be complementary to actions carried out within the following projects:

 S2R-CFM-IP2-01-2018: Advanced signalling, automation and communication system (IP2 and IP5)

48 The scheduling of the deliverables is provided to facilitate the complementarity with the CFM actions and it is not binding. Additionally, each deliverable may have some flexibility in the scheduling.
49 The scheduling of the deliverables is provided to facilitate the complementarity with the CFM actions and it is not binding. Additionally, each deliverable may have some flexibility in the scheduling.

 X2RAIL-2 (GA 777465). EXPECTED IMPACT

Regarding the work stream 1 the activities are expected to contribute to:

•   Reduction of cost and time-to-market for software-based railway signaling systems;

•   Increased market competition and standardization;

•   Impact management levels to widen use of formal methods and standard interfaces:

o Demonstrator for formal development, using standard interfaces o Clear cost/benefit analysis for applied formal methods
o Clear description of learning curve required

Regarding the work stream 2 the activities are expected to contribute to:

•   Sustainability in degraded situation by increasing in a significant way the cooperation reaction time and quality between all stakeholders in case cyber threat occurrence;

•   Security significant increase by :

  • o building a common and up-to-date threat landscape for railway
  • o sharing threat prevention or mitigation means
  • o increasing the cooperation between operators in the area of cybersecurity

Type of Action: Research and Innovation Action (RIA)