Topic: A threat perspective in cyber-physical cyber security
Hosted by the AISA Brisbane Branch, please join us for a face-to-face meeting and networking opportunity with a live and interactive presentation from guest speaker Duncan Unwin, who will discuss the challenges that securing complex cyber-physical systems of systems. He will share some of the insights gained in developing the Australian standard for rail cybersecurity (AS7770) and from recent research he has completed on risks in this area.
Cybersecurity threats to railways are increasing, both due to improvements in the techniques of hackers and the increasing merger of cyber and physical spheres. Accepted approaches to safety can be extended to consider the risks from cyber, however the nature of railways as complex cyber-physical systems of systems may require a broader approach beyond functional safety.
The presentation will explore some of the cybersecurity hazards identified via war gaming. We will show that while standard engineering approaches are effective in building new rail control system components, a broader and more creative consideration of attacks has benefits. In particular we will share some of the novel attacks identified that have an ability to cause mass disruption by targeting the fail-safes designed to ensure safety or auxiliary systems that are not directly classified within the scope of the ICS. Typically these have not been considered in the design of functional safety controls in rail.
Unwin D, Sanzogni L. Railway cyber safety: An intelligent threat perspective. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit. March 2021. https://doi.org/10.1177/09544097211000518
Participants will have the opportunity to ask questions of the speaker and a light lunch and refreshments will be served before the presentation.
Speaker: Duncan Unwin
Duncan has been working in cybersecurity architecture since 1996. He has worked across a range of critical industries and in high threat environments, from online payments to control systems to emergency and security services. In 2014 he founded Tobruk Security to focus on cyber in these types of domains. He was the lead author of AS7770 Railway Cybersecurity. (Tobruk Security has recently become part of Business Aspect, the consulting division of Data3.)
Time: 12pm - 1:30pm (AEST)
(Registrations open from 11:45am; Light lunch and refreshments served from 12pm and Presentation from 12:30pm)
AISA members: Please sign in to register for this event. Registration closes on 21 September 2021
Non AISA Members: If you would like to become an AISA member you can join here
For any queries, regarding this event please contact AISA Event & Sponsorship Manager, Susanna Palermo via email [email protected]
AISA presentations are intended for educational purposes only. Statements of fact and opinions expressed are those of the participants individually and, unless expressly stated to the contrary, are not the opinion or position of AISA, its sponsors, or its partners. AISA does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented. Attendees should note that sessions may be recorded and published in various media, including print, audio and video formats without further notice.