Human factors and cyber-security risks on the railway – the critical role played by signalling operations

Authors: Thron, E., Faily, S., Dogan, H. and Freer, M.

Journal: Information and Computer Security

Volume: 32

Issue: 2

Pages: 236-263

eISSN: 2056-497X

ISSN: 2056-4961

DOI: 10.1108/ICS-05-2023-0078

Abstract:

Purpose: Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution, including interconnectedness and new ways of interaction, leads to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Design/methodology/approach: Overall, 26 interviews were conducted with 21 participants from industry and academia.

Findings: The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

Originality/value: The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

https://eprints.bournemouth.ac.uk/38971/

Source: Scopus

Human Factors and Cyber Security Risks on the Railway – The Critical Role Played by Signalling Operations

Authors: Thron, E., Faily, S. and Dogan, H.

Journal: Information and Computer Security

Publisher: Emerald

ISSN: 2056-4961

https://eprints.bournemouth.ac.uk/38971/

Source: Manual

Human Factors and Cyber Security Risks on the Railway – The Critical Role Played by Signalling Operations

Authors: Thron, E., Faily, S. and Dogan, H.

Journal: Information and Computer Security

Volume: 32

Issue: 2

Pages: 236-263

Publisher: Emerald

ISSN: 2056-4961

Abstract:

Purpose - Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers, and passengers at the core. The technological evolution, including interconnectedness and new ways of interaction, leads to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This article identifies the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of ‘Digital Resilience’ – for the concept of a resilient railway.

Methodology - Overall, 26 interviews were conducted with 21 participants from industry and academia.

Findings - The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations - directly or indirectly (e.g., workload and safety-critical communications) - which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This article identifies cyber-related problems including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness amongst the rail industry; training gaps; organisational issues and many unknown ‘unknowns’.

Originality - We discuss socio-technical principles through a hexagonal socio-technical framework and Training Needs Analysis (TNA) to mitigate against cyber-security issues and identify predictive training needs of the signallers. This is supported by a systematic approach which considers both safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

https://eprints.bournemouth.ac.uk/38971/

Source: BURO EPrints