The customer is one of Europe’s most prominent rail companies with a system length of approximately 12,000 km (7,450 mi) and 1,500 stations supporting over 1.7M trains in circulation annually. The customer is focused on being at the forefront in maintaining the role played by new rail technologies.
Their corporate vision is to be a benchmark as an organization focused on managing reliable, sustainable, safe, and intelligent infrastructures that contribute to the new model of ecological transition. And their mission is to operate, manage and build a smart rail network adapted to the new, competitive and sustainable technological ecosystem, thus contributing to the sustainable development goals (SDGs).
The project's genesis began in early 2021 with a cybersecurity risk assessment conducted on the customer’s existing trackside signaling infrastructure. As a result of the risk assessment, the customer and their rail integrator for signaling, Thales, began to investigate cybersecurity solutions for their rail-specific technology environment.
Additional requirements that arose during the project included support of auxiliary systems, including the CCTV and VoIP applications, and integration support with the customer’s IBM QRadar security information and event management (SIEM) solution.
As an initial step in the project in September 2021, Cylus was asked to validate the CylusOne rail technology security platform in Thales’ technology lab. Upon successfully completing this validation, the customer outlined an initial, limited project deployment in the live trackside network in late September 2021. The design layout of the project is shown in the image below, which included using a non-intrusive virtual (VMware ESXi) network probe to monitor the multi-vendor trackside network covering the multiple signaling channels and supporting the auxiliary CCTV and VoIP applications.
The initial deployment was designed to run continuously for three months and also included monitoring for cybersecurity anomalies using external threat intelligence from Cylus research labs and included integration into the customer’s SIEM solution.
The customer's initial deployment success criteria included:
The major rail technology security outcomes resulting from the deployment of CylusOne in the customer’s signaling infrastructure included:
At the successful conclusion of this initial project, Amir Levintal, CEO and Co-Founder at Cylus, and Agustín Solís Pila, Business Development Cybersecurity at Thales, presented a joint case study at Rail Live 2022. The presentation, titled “Cylus and Thales - Bridging the Gap Between Cybersecurity and Rail Operations,“ offered a view into the collaborative project the companies are partnering on for one of Europe's most prominent rail companies to protect its signaling system.