The customer is a metro rapid transit system with two primary lines, a system length of approximately 40 km (25 mi), and a daily ridership of 35,000 passengers. The system currently has 29 operational stations with a plan for 54 and approximately 100 coaches.
The customer is focused on providing safe, fast, and eco-friendly transportation services to the public at affordable rates while simultaneously reducing the congestion on the area roads and is committed to delivering world-class state-of-the-art technology.
In an externally verified cybersecurity risk assessment conducted on existing trackside infrastructure some gaps and vulnerabilities were documented in the systems and architectures that could not be replaced or redesigned at the time. The risk assessment found a communications model in use on the customer's signaling IP network in which communications were being sent from higher security zones to lower security zones and there was no current model to alert on or prevent these policy violations.
Thus, the customer’s primary motivations for the project were twofold – first to deploy passive, virtual segmentation that could divide the network into security zones and conduits and alert on policy violations, and second to use this security segmentation as a compensating security control to address the risk assessment gap findings and comply with IEC 62443-3-3 requirements protecting the existing signaling network and applications infrastructure.
Upon successfully winning the project in late 2020, Cylus worked jointly with the customer and the signaling equipment provider to deploy CylusOne to protect the following applications on both customer lines – ATS, ATP, CBI, and CCTV. CylusOne was deployed on-premise in both the central equipment room and a back-up central equipment room that are used in the control of both lines.