Scholarly article on topic 'PROTECTRAIL – The Railway-Industry Partnership for Integrated Security of Rail Transport'

PROTECTRAIL – The Railway-Industry Partnership for Integrated Security of Rail Transport Academic research paper on "Economics and business"

CC BY-NC-ND
0
0
Share paper
OECD Field of science
Keywords
{Protectrail / "Railway Security" / "Integrated Security"}

Abstract of research paper on Economics and business, author of scientific article — Vito Siciliano, Élodie Roché, Matthias Buchhorn, Franco Cataldo

Abstract Devastating events such as the 9/11 attacks, as well as the London and Madrid bombings have magnified the need for enhancement in security, particularly in areas of high civilian density. Rail transport is one of those areas and combined with the “globalisation” of security risks, the need for rail security stakeholders to work together and share knowledge has been heightened. PROTECTRAIL is a research project, which seeks to provide a range of integrated railway security solutions. The project follows on directly from the TRIPS project, which sought to design and demonstrate an anti-terrorist detection system. PROTECTRAIL aims to provide a future-proof approach, which can be practicably applied in a realistic context; therefore the project focuses on integrating technologies in an interoperable manner. To achieve this, PROTECTRAIL has agreed on a common architectural design framework, which will ensure that the solutions developed can interface with each other and behave as decoupled Services orchestrated to create systems that are suitable for complex threat scenarios. The principle objectives of this project are to address the security requirements in a future-proof approach in a rail industry where life expectancy of systems is of several decades, while threats and unsocial behaviours change on a daily basis. Accordingly, the project develops a host Service Oriented based architecture and the first elements of a “toolbox” (processes and technologies) to take care of the prominent current needs. The document concentrates on this future-proof architecture, consistent with the current ICT visions, with the aim that the results from this project provide the basis for the future design of homogenous security systems.

Academic research paper on topic "PROTECTRAIL – The Railway-Industry Partnership for Integrated Security of Rail Transport"

Available online at www.sciencedirect.com

SciVerse ScienceDirect

Procedia - Social and Behavioral Sciences 48 (2012) 1642 - 1648

Transport Research Arena- Europe 2012

PROTECTRAIL - The Railway-Industry Partnership for Integrated Security ofRail Transport

Vito Sicilianoa9 Élodie Rochéb, Matthias Buchhornc9 Franco Cataldod'*

aAnsaldo STS S.p.A, Via P. Mantovani 3-5, 16151, Genova, Italy bThales Communication and Security, 20-22 Rue GrangeDame Rose, 78140, Velizy Villacoublay, France cBombardier Transportation GmbH, Schoenberger Ufer 1, 10785, Berlin Germany dUNIFE- The European Rail Industry, 221 Avenue Louise, 1050, Bruxelles

Abstract

Devastating events such as the 9/11 attacks, as well as the London and Madrid bombings have magnified the need for enhancement in security, particularly in areas of high civilian density. Rail transport is one of those areas and combined with the "globalisation" of security risks, the need for rail security stakeholders to work together and share knowledge has been heightened.

PROTECTRAIL is a research project, which seeks to provide a range of integrated railway security solutions. The project follows on directly from the TRIPS project, which sought to design and demonstrate an anti-terrorist detection system.

PROTECTRAIL aims to provide a future-proof approach, which can be practicably applied in a realistic context; therefore the project focuses on integrating technologies in an interoperable manner. To achieve this, PROTECTRAIL has agreed on a common architectural design framework, which will ensure that the solutions developed can interface with each other and behave as decoupled Services orchestrated to create systems that are suitable for complex threat scenarios.

The principle objectives of this project are to address the security requirements in a future-proof approach in a rail industry where life expectancy of systems is of several decades, while threats and unsocial behaviours change on a daily basis. Accordingly, the project develops a host Service Oriented based architecture and the first elements of a "toolbox" (processes and technologies) to take care of the prominent current needs.

The document concentrates on this future-proof architecture, consistent with the current ICT visions, with the aim that the results from this project provide the basis for the future design of homogenous security systems.

© 2220122 Published by Elsevier Ltd. Selection and/or peer review under responsibility of the ProgrammeCommittee of the Transport Research Arena 2012

Keywords: Protectrail; Railway Security; Integrated Security

* Corresponding author. E-mail address: franco.cataldo@unife.org

1877-0428 © 2012 Published by Elsevier Ltd. Selection and/or peer review under responsibility of the Programme Committee of the Transport Research Arena 2012

doi:10.1016/j.sbspro.2012.06.1139

1. Introduction

1.1. Background

The various means of transport - road, rail, air, maritime and inland water ways - and their network can be considered the "lifeblood" of modern society. Their use has now become so finely balanced and interconnected, that even minor disruptions could have a far-reaching impact. A terrorist attack could provoke disaster and destabilise society and business. Furthermore, other crimes and fraud are also to be considered as significant cause of damage and loss of property and lives.

Rail based transport assets, such as trains, nodes (railway stations, yards, border crossings, way-side) and infrastructure (bridges, tunnels, networks) are particularly vulnerable to external and internal attacks. It is absolutely vital to protect these neuralgic points and to address via an integrated approach, current security threats to railway operation, as well as evaluate the social and financial consequences of these attacks. Identifying these threats and their impact and promoting threat-cost-benefit optimised solutions will provide opportunities to improve competitiveness of the industries and railway operators. In order to provide reliable, cost-effective tools in assessing, preventing and fighting the threats of international terrorism and criminality, different framework conditions and regional disparities must be analysed. Though their numbers are low, terrorism acts with their huge impact both in terms of human life and economical incidence must especially be carefully analysed. Any railway security research must deploy great efforts to identify all measures to fight terrorism. Nevertheless, security threats assessment needs also to integrate prevention of the other crimes: robbery, assaults, trafficking illegal substances, vandalism and fraud.

The challenge of any railway security solution is to quickly detect threats without disrupting the daily flow of passengers and goods. This is especially demanding in Europe where the railway network is so extensive. Indeed, European railway systems move huge volumes of traffic of passengers and freight over almost 200.000 km of lines. Every year, UIC reports in EU27 transportation of more than 350 billion "passenger km" and 380 million tons of freight over local, national and international rail networks. Furthermore, the European fleet is huge and consists of no less than 30.000 locomotives, 90.000 coaches and 450.000 wagons. With the enlargement process, the protection task is even more demanding. EU shares now direct borders with politically less stable regions. The EU must now ensure that a consistently high level of security is established across its new, more diverse territory.

Moreover, the general political intent in nearly all EU countries aims at making railway traffic faster, more comfortable, efficient and more international, due to increased demand and to environmental reasons. Thereof a major consequence is that the importance and impact of railway system on European economy, its citizen life and more generally the environment is tremendous and increasing, while its security protection is becoming more complex. Only an integrated and interoperable approach where security concepts and practices are shared between the (mostly national) railway operators, can meet this challenging evolution.

Measures to increase security in mass transportation systems are already becoming a growing "business requirement", as well as a prerequisite for passenger operators and will be so in years to come. Thus, strong competition in the coming years is foreseen in the security European market. Furthermore, in an industrial society, potentially hazardous raw materials and chemicals and toxic substances are transported by railway. The issues of cargo tampering, people and contraband smuggling and terrorism need to be assessed and the proposed solutions must be based on realistic freight "risk" assessment, associated to "transport mode" and local threat scenarios. Tracking of cargoes, sensors to notify operators

of intrusion and performance of cargo control and protection must be evaluated to ensure security without harming transport chain activities" fluidity, productivity and cost-effectiveness.

1.2. Objectives oftheProject

The principle objectives of PROTECTRAIL are to address the security requirements of a rail industry where the life expectancy of systems is of several decades, while threats and unsocial behaviours change on a daily basis.

The PROTECTRAIL project started in September 2010 and is expected to conclude in March 2014. The overall budget is €21.8million, for a 29 partners Consortium composed of industries, end users, universities and research centres (see Appendix A.).

On a technical point of view, the project develops a host SOA-based architecture and the first elements of a "toolbox" to take care of the prominent current needs. The rest of the document concentrates on this future-proof architecture, consistently with the current ICT visions. The components of the toolbox will be as diverse as:

• Immunity of signal and power distribution systems against electromagnetic terrorism acts,

• Detection of abnormal objects on or under ballast,

• Clearance of train before daily use,

• Control of access to driver's cabin, detection of unauthorised driver,

• New methods/tools to isolate secure luggage.

Finally, PROTECTRAIL has the ambition to contribute to the reduction of disparities on security between European Railway systems.

2. PROTECTRAIL project

2.1. Building on from TRIPs

It can be said that PROTECTRAIL is a continuation from the TRIPS (Transport Infrastructure Protection System) project, particularly when considering the team who are involved in PROTECTRAIL. TRIPS was a railway security project that was a first attempt to begin to identify key issues and develop "best practices" for railway security. TRIPS achievements included qualifying and quantifying security threats to railway systems including the risks and vulnerabilities, assessing technologies which could be useable in a railway environment, propose and develop system architectures and demonstrate the feasibility of the developments of the project in a real life railway environment.

The types of technologies implemented in TRIPS included:

• Boarding security check;

• Video tracking (passenger and luggage);

• On-board monitoring;

• Removal of explosives;

• Reactions to a terrorist attack;

• Detection of explosives under ballast.

These technologies and other developments that came out of TRIPS provide a starting point from which PROTECTRAIL shall continue to progress and build upon.

2.2. The PROTECTRAIL approach

Facing the problem of enhancing the railway security with a systematic top-down approach (i.e. to search for an all-inclusive solution valid for all the conceivable threat scenarios) has been judged by the PROTECTRAIL project to be too ambitious, even if it could generate potential economies of scale and effort rationalisation. PROTECTRAIL will tackle the railway security problem from a layered "system integration" perspective. The PROTECTRAIL approach is therefore to split the problem of making the railway more secure into smaller asset-specific security problems (missions) for which it is easier to reach satisfactory solutions applicable and usable in different threat scenarios. Each sub-mission oriented solution covers significant areas of interest, resulting both from specific risk analysis and from user priorities (rail operator and infrastructures managers). By selecting the performance goals, for each sub mission will be defined, developed and demonstrated effective solutions in terms of system architecture, technology deployment, procedures, tools and organizations to manage specific threat scenarios.

Sub-mission A

Fig. 1. The PROTECTRAIL approach: building blocks of sub-missions oriented solution

The challenge is therefore to make the single asset-specific solutions interoperable and to conceive and design a modular architectural framework where each asset-specific solution (Figure 1 - building blocks) can be "plugged". This is the basis to assure a streamlined process of federation, integration and interoperability of respective solutions.

2.3. PROTECTRAIL Security Sub-Missions

Security sub-missions are a set of realistic issues of protection needs and requirements in rail transportation systems. The selection of security sub-missions is based on a "holistic method", based on risk evaluation and selected identified priorities by end-users and rail operators, and takes into account of cost-benefit analyses, as well as the attitudes and behaviour of both individuals and groups and their dynamic.

Security sub-missions therefore embrace many parts and components of the railway system (physical, operational and transported assets) and incorporate various threats scenarios and conditions.

For each security sub-mission, PROTECTRAIL will develop and implement asset orientated solutions, which will be based on integrating existing technologies, but will also be ready to accommodate the new technologies as they become available. Therefore, these solutions will be designed under an interoperable framework which will mean they can be "plug and played" to form a custom security system.

The project has identified that security protection is serving two main types of asset: physical and operational assets which include the infrastructure and the rolling stock, and transported assets (passengers and goods). The following are a list of security sub-missions for which security solutions are being developed for:

• Stations and Buildings control;

• Structures control;

• Tracks clearance;

• Signalling and power distribution;

• Communication and information systems ;

• Rolling stock clearance;

• Staff Clearance and Access Right Management;

• Passenger Clearance Control;

• Luggage Clearance Control;

• Freight Clearance Control.

2.4. Solutions to be integrated

In order to answer the security sub-missions, diverse protection solutions need to be integrated. These protection solutions are largely based on state of the art technologies, which may or not be used on the railways at the moment.

The project is currently starting to develop the first elements of the PROTECTRAIL toolbox, using the appropriate standards in order to be integrated in the host SOA-based architecture.

2.5. Sub-Mission Scenarios

For each security sub-mission, scenarios are being developed which will then form the basis of the projects demonstrations. The project is organized so that there is work package dedicated to each of the respective sub-missions. These demonstrations will further validate the developments from the project and illustrate the application of results in realistic and relevant situations.

3. An open architecture / integration framework

One of the first tangible results of the PROTECTRAIL project is an open architecture which provides an open and flexible integration framework, based on several core requirements:

• To be interoperable, by having the various sub-systems cooperating and exchanging reliable information, within the diversity of technologies, interfaces and design patters, both legacy and future.

• To be modular and scalable, that is to say to have independent and autonomous sub-systems that are correlated and may be replaceable.

• To be able to integrate all subsystems which concur in security of public transport (legacy and new) in a flexible system of systems.

In order to achieve this, PROTECTRAIL has decided to implement a Service Oriented Architecture. SOA takes into consideration not only an interface description, but a set of design principles that improve the business objectives of scalability, modularity and interoperability.

Linked to that aspect, every module connected to this SOA has been specified to be Event Driven, with common time reference and absolute geo-location, this allowing having an infrastructure monitored, analyzed and enriched with events, in addition to what is already defined in the business process. Long running processing capability enables the architecture to collect various asynchronous events over a long period of time and correlate these events to one system.

Web-Services can be used to implement a Service Oriented Architecture in a standardized way. WebServices make functional building blocks accessible over standard Internet protocols independent of platforms and programming languages. These services can represent either new applications or just wrappers around existing legacy systems to make them network-enabled.

PROTECTRAIL shall accommodate scenarios with decoupled service components for orchestration reasons. Orchestration of Services allows to develop complex threat scenarios by using Complex Event Processing and Business Process Management. For this matter, an Enterprise Service Bus (ESB) may be used to implement this SOA principle as it can deliver fundamental services for complex architecture in a standards-base way.

Needless to say that all of these activities are strongly linked and relied on the existing and emerging related standardization activities, such as those of IEC TC9 WG46 which is about non-safety-critical onboard ICT.

4. Conclusions

The benefit of integrating security solutions at a global level will allow for more efficient threat detection and better level of threat intelligence. It will also allow for a more coordinated and coherent approach to the management of actions relating to risks or crisis situation.

As already highlighted there is not a common approach in managing security across Europe; however risks and threats are becoming increasingly common. PROTECTRAIL will develop and identify a common set of risks and threats that railways in Europe face, both in the present day as well as in the future. This will serve to assist a more efficient and overall better understanding of what security measures should be considered. Then, based on these risks and the security sub-missions, integrated security solutions are being developed and will be implemented, largely based on mature technologies. Underpinning these solutions will be the interoperable architecture framework in which these solutions will be designed under, this will ensure that the solutions are able to interface and integrate with each other in order for operators to be able to "plug and play" solutions, that is to say to have Service registration, discovery, security and orchestration.

Appendix A. Project Consortium Members

No. Beneficiary organisation name Country Sector

1 Ansaldo STS S.p.A. IT Industry

2 Nederlandse Organisatie voor Toegepast-natuurwetenschappelijk onderzoek TNO NL University & research

3 Selex Elsag S.p.A. IT Industry

4 Union Internationale Des Chemins De Fer FR End user

5 Selex Sistemi Integrati S.p.A. IT Industry

6 Bombardier Transportation GMBH DE Industry

7 Alstom Transport SA FR Industry

8 Thaïes Communications & Security S.A. FR Industry

9 Sarad GmbH DE Industry

10 UNIFE - The European Rail Industry BE End user

11 Morpho SA FR Industry

12 Ductis GmbH DE Industry

13 Zeleznicna spolocnost' Slovensko a.s. SK End user

14 AB Lietuvos Gelezinkeliai LT End user

15 ItalCertifer S.c.p.a. IT End user

16 PKP Polskie Linie Kolejowe SA PL End user

17 D'Appolonia S.p.A. IT Industry

18 Elbit Systems Ltd. IL Industry

19 Facultés Universitaires Notre-Dame de la Paix BE University & research

20 EPPRA S.A.S. FR Industry

21 Kingston University Higher Education Corporation UK University & research

22 SODERN S.A. FR Industry

23 Smiths Heimann S.A.S. FR Industry

24 Instytut Kolejnictwa PL University & research

25 CEA Commissariat à l'Energie Atomique et aux énergies alternatives FR University & research

26 Institut Franco-Allemand de Recherches de Saint-Louis FR University & research

27 TCDD - Turkiye Cumhuriyeti Devlet Demir Yollari Isletmesi Genel Mudurlugu TR End user

28 MER MEC S.p.A. IT Industry

29 Société Nationale des Chemins de Fer Français FR End user