This site is protected by reCAPTCHA and the Google
Terms of Service apply.
By Haroon RashidLike many industries, the rail industry has more data flowing in and out of more sources than ever before. This data is conceived at trackside sensors and then travels through several layers of hierarchy before it reaches the supervisory control and data acquisition (SCADA) system. It is further modified and streamlined before it can be sent to the main business system, where it is manipulated and formatted so that it becomes usable, actionable knowledge source for analytics and reporting.
With new cyber-threats emerging on a nearly daily basis, railway operators need to secure this data along the entire network path. At the business level, the information technology (IT) department has been securing critical data for years and has many technologies and systems in place. But security is a relatively new issue for the operational technology (OT) department, which is responsible for managing the data at the sensor and SCADA level. The American Public Transportation Association (APTA) is developing the guidelines for cybersecurity, which are derived from the Department of Homeland Security's defense-in-depth practices. This implies that, in order to attain a maximum level of security, all assets and data conduits should be secured individually, rather than having a single line of defense or security.Today, many industrial products are adopting proven IT technology to ensure the availability, integrity, and confidentiality of this data along the entire network path. Phoenix Contact's family of mGuard security devices combines IT-world security features with a robust design for the transportation infrastructure environment. The newest addition to this family – the TC mGuard – uses the cellular network to provide secure remote communications wherever a wired connection isn't possible. The TC mGuard's advanced features allow an infrastructure network to easily and securely connect to the enterprise network without IT intervention. The stateful inspection firewall prevents unauthorized access to the local network. An optional virtual private network (VPN) uses IPsec technology, an accepted and highly secure IT standard. It also has support for legacy serial RS-232 devices. By creating a secure SCADA and enterprise database framework, railway operators can restrict traffic to the network and limit the exposure of their critical data to external intrusions. Haroon Rashid is industry manager - transportation infrastructure for Phoenix Contact USA.