Case Study

Security Monitoring and Segmentation to Proactively Address Cybersecurity Needs


Metro Rapid Transit System

  • 24/7 Cybersecurity Threat Detection and Response
  • IEC Zones and Conduits Network Segmentation
  • Proactively Addressing Rail Cybersecurity

The Customer

The customer is a metro rapid transit system with two primary lines, a system length of approximately 40 km (25 mi), and a daily ridership of 35,000 passengers. The system currently has 29 operational stations with a plan for 54 and approximately 100 coaches.

The customer is focused on providing safe, fast, and eco-friendly transportation services to the public at affordable rates while simultaneously reducing the congestion on the area roads and is committed to delivering world-class state-of-the-art technology.

"We’re providing safe, fast, and eco-friendly mass transit services to the public at affordable rates while simultaneously catalyzing dense and orderly urban growth. And cybersecurity is very much a component of properly ensuring the safety of our systems and passengers."
Managing Director

The Challenges

In an externally verified cybersecurity risk assessment conducted on the existing trackside infrastructure, gaps and vulnerabilities were documented in systems and architectures that could not be replaced or redesigned at the time. The assessment found a communications model in use on the customer's signaling IP network in which traffic was being sent from higher security zones to lower security zones, with no mechanism in place to alert on or prevent these policy violations.

Thus, the customer’s primary motivations for the project were twofold: first, to deploy passive, virtual segmentation that could divide the network into security zones and conduits and alert on policy violations; and second, to use this segmentation as a compensating security control that addresses the risk assessment gap findings and meets IEC 62443-3-3 requirements for protecting the existing signaling network and applications infrastructure.

To find a rail technology cybersecurity solution to meet their needs, the customer issued a CBTC tender with requirements that included:

  • A solution capable of presenting all assets in the system in real-time.
  • A solution capable of alerting on threats that can affect safety and availability, including spoofing of safety commands and malicious use of fail-safe mechanisms, based on deep-packet inspection of railway-specific application protocols.
  • A solution that integrates with the security information and event management (SIEM) system and can export alerts to the geographical locations used by railway operations teams.
  • A solution with CBTC installation references in India and three global installation references.
  • A solution compliant with ISO 27001 and IEC 62443-3-3.

The Solution

Upon successfully winning the project in late 2020, Cylus worked jointly with the customer and the signaling equipment provider to deploy CylusOne to protect the following applications on both customer lines: ATS, ATP, CBI, and CCTV. CylusOne was deployed on-premises in both the central equipment room and a backup central equipment room, which are used in the control of both lines.

The major cybersecurity and operational improvements for the customer as a result of the deployment of CylusOne in their signaling infrastructure have been:

  • Segmentation and railway zoning enforcement between different subsystems. Segmentation policies are created automatically, and violations are identified automatically. Firewall rules are then updated, and any misconfigured firewall rules that are identified can be corrected immediately.
  • Risk assessment gaps have been proactively addressed and IEC 62443 zones and conduits requirements are now implemented in the signaling infrastructure.
  • Real-time visibility of all connected assets in the trackside environment including all subsystems. This allows security and operations teams to maintain asset inventories and track what changes occur over time.
  • Cybersecurity threat detection in all the trackside subsystems with automated response and remediation playbooks for both the security and operations team personnel.
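Added example, not Cylus code or the customer's configuration: a minimal passive zones-and-conduits check in the spirit of the segmentation model described in the challenges section and the zoning enforcement listed above. It assigns assets to IEC 62443 zones, lists permitted conduits explicitly, and raises an alert for any observed cross-zone flow with no matching conduit, naming the direction across security levels. The zone names follow the page's subsystems; the addresses, security levels, conduits and sample flows are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Zones with a target security level (SL-T, constructed); higher = more critical.
ZONES = {"ATS": 2, "ATP": 3, "CBI": 3, "CCTV": 1}
# Asset inventory: subnet -> zone (constructed sample addressing).
ASSET_ZONES = [
    (ip_network("10.1.0.0/24"), "ATS"),
    (ip_network("10.2.0.0/24"), "ATP"),
    (ip_network("10.3.0.0/24"), "CBI"),
    (ip_network("10.9.0.0/24"), "CCTV"),
]
# Permitted conduits: (source zone, destination zone, protocol/port label).
CONDUITS = {
    ("ATS", "ATP", "tcp/20000"),  # constructed: ATS issues commands to ATP
    ("ATP", "CBI", "tcp/2404"),   # constructed: ATP exchanges with interlocking
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str

def zone_of(ip):
    addr = ip_address(ip)
    for net, zone in ASSET_ZONES:
        if addr in net:
            return zone
    return None  # not in the asset inventory

def check_flow(flow):
    """Return an alert string for a policy violation, or None if permitted."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return f"unknown asset in flow {flow.src}->{flow.dst}"
    if src_zone == dst_zone or (src_zone, dst_zone, flow.proto) in CONDUITS:
        return None  # intra-zone traffic, or an explicitly permitted conduit
    direction = "higher-to-lower" if ZONES[src_zone] > ZONES[dst_zone] else "lower-to-higher"
    return f"no conduit {src_zone}->{dst_zone} ({flow.proto}): {direction} security zone"

def audit(flows):
    """Passive check: observe flows and emit alerts; nothing is blocked."""
    return [alert for alert in map(check_flow, flows) if alert]

SAMPLE_FLOWS = [  # constructed capture, not traffic from the customer network
    Flow("10.1.0.5", "10.2.0.7", "tcp/20000"),  # permitted ATS->ATP conduit
    Flow("10.2.0.7", "10.9.0.3", "tcp/554"),    # ATP->CCTV: no conduit defined
    Flow("10.9.0.3", "10.3.0.2", "tcp/2404"),   # CCTV->CBI: no conduit defined
    Flow("10.3.0.2", "10.3.0.9", "udp/5000"),   # intra-zone CBI traffic
]
```

A flow involving an address outside the inventory is flagged as well, which is how the real-time asset visibility listed above feeds the segmentation check.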
“A metro system is an ideal target for terrorists and miscreants. Security is a relatively new challenge in the context of public transport and working with Cylus to meet our security needs has been great in this regard. Security problems or threats are caused by people whose actions aim to undermine or disturb the public transport system. Our cyber efforts aim to minimize these threats.”
GM Signaling and PSD
