Network Baselining to Detect Unexpected New Devices


THE CHALLENGE 

Maintaining consistency across a large estate of devices

Rail operators are moving into a new realm of digitisation and managing IP-connected assets in a diverse estate. This brings with it new challenges for managing the IP network, ensuring consistency across a fleet and understanding what is connected to the rolling stock or signalling network.

Maintaining an accurate picture of such a large estate can be especially challenging for a train operator, train builder or system aggregator. Network traffic flow assessments, like the RazorSecure Data Study, can be completed during the design and delivery process, but these are a one-off activity. Cyber security needs to be considered over the whole life of the asset: it is a continuous process that requires management beyond the delivery phase into active operation and end of life.

When looking at network traffic, each network must be considered to be unique. Even in a scenario where there are 100 trains that have the “same” onboard network, there is no guarantee that consistency has been achieved across the fleet.

 

THE SOLUTION

Delivering a full picture of the network traffic flows

RazorSecure Delta and Network include network traffic analysis as a standard part of the software offering. They look at the Ethernet packet header data, up to OSI layer 4, and build a baseline of network traffic observed from their position within the onboard or signalling network.

Because the baseline is built from packet headers, it can monitor the full range of Ethernet protocols and does not require distinct capability for rail-specific or proprietary protocols. Each packet is considered and classified by the model, regardless of payload.

Importantly, the network baselining technology that we use works across an entire fleet, allowing you to review traffic flows even across similar networks. This gives clarity across the entire network, and detection of new network traffic flows and unexpected devices being connected to the network.
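
The header-only baselining described above, as an added example that is not RazorSecure's code: it learns devices and flows from packet header fields, then flags new devices and new flows and compares baselines across trains. The Hdr record, the function names and all sample addresses are assumptions constructed for illustration, and the fleet comparison assumes every train uses the same IP plan.

```python
from collections import namedtuple

# Header-only record (up to OSI layer 4, no payload). Field names are assumptions.
Hdr = namedtuple("Hdr", "src_mac src_ip dst_ip proto dst_port")

def flow_key(h):
    # Source ports are ephemeral, so they are not part of a flow's identity.
    return (h.src_ip, h.dst_ip, h.proto, h.dst_port)

def build_baseline(headers):
    """Learn the devices (MAC -> IPs) and flows seen in a learning window."""
    devices, flows = {}, set()
    for h in headers:
        devices.setdefault(h.src_mac, set()).add(h.src_ip)
        flows.add(flow_key(h))
    return {"devices": devices, "flows": flows}

def detect(baseline, headers):
    """Return de-duplicated alerts for headers outside the baseline."""
    alerts = []
    for h in headers:
        known_ips = baseline["devices"].get(h.src_mac)
        if known_ips is None:
            alert = ("new_device", h.src_mac, h.src_ip)
        elif h.src_ip not in known_ips:
            alert = ("device_changed_ip", h.src_mac, h.src_ip)
        elif flow_key(h) not in baseline["flows"]:
            alert = ("new_flow",) + flow_key(h)
        else:
            continue
        if alert not in alerts:
            alerts.append(alert)
    return alerts

def fleet_outliers(baselines):
    """Flows seen on some trains but not all, assuming a shared IP plan."""
    common = set.intersection(*(b["flows"] for b in baselines.values()))
    return {t: sorted(b["flows"] - common)
            for t, b in baselines.items() if b["flows"] - common}

# Constructed sample headers: documentation addresses, made-up MACs.
LEARN_A = [Hdr("02:00:00:00:00:01", "192.0.2.10", "192.0.2.1", "tcp", 502),
           Hdr("02:00:00:00:00:02", "192.0.2.20", "192.0.2.1", "udp", 123)]
LIVE_A = LEARN_A + [
    Hdr("02:00:00:00:00:01", "192.0.2.10", "192.0.2.1", "tcp", 22),
    Hdr("02:00:00:00:00:99", "192.0.2.77", "192.0.2.1", "tcp", 502)]
LEARN_B = LEARN_A + [Hdr("02:00:00:00:00:02", "192.0.2.20", "192.0.2.30", "tcp", 80)]

if __name__ == "__main__":
    print(detect(build_baseline(LEARN_A), LIVE_A))
```

A frame from an unknown MAC is reported once as a new device rather than also as a new flow, which keeps the alert about the device itself at the top of the triage queue.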

 

 

Solution Outcomes

Clarity across the entire fleet

Visibility of the full fleet throughout the life of the assets

Monitoring of all network traffic

Consistent monitoring of traffic flow without use of payload data

Detection of new devices connected

Be aware of all unexpected devices connecting to the network