Cybersecurity considerations for CBTC

Communication Based Train Control (CBTC) and the European Rail Traffic Management Systems (ERTMS) are prevailing radio controlled systems for railway. As a part of the ERTMS standard, the European Train Control System (ETCS) implements on-board control systems throughout multiple radios. CBTC makes use of RF-based data communication systems (DCSs) for train control and traffic management. Even if ERTMS and CBTC have different origins, both make use of wireless communications for safety related systems. This paper describes cybersecurity considerations for CBTC. First, authors studied the impact of security on intra-vehicular communications in a real tunnel scenario, e.g. for urban transit where the usage of security is mandatory in order to maintain the system safety. Secondly, the impact of a jamming attack against ETCS radio has been analyzed. Measurement campaigns confirmed Host Identity Protocol (HIP) as an effective security solution at layer 3 in terms of the protocol overhead introduced. On the other hand, the Balise Transmission Module (BTM), included in ETCS standard, is sensitive to jamming attack and the measurements presented here would offer the sights for further security considerations around the CBTC.