Today we are happy to announce the RazorSecure Security Gateway as the latest product we have developed for the rail market, in accordance with EN50155. The RazorSecure team has been hard at work on delivering this, and it combines our experience in deploying rail cyber security solutions with operators across the UK, Europe and North America.
From reviewing the earliest customer requirements, we knew that a different approach would be needed. There are several firewalls already available to railway OEMs, but we felt that they were lacking in functionality and provided very little benefit over a capable layer-3 switch.
We have seen through our work with operators that flexibility is crucial in the delivery of solutions, and that is at the heart of the RazorSecure Security Gateway. Second, we knew it was critical that it be the most secure device onboard the train, as there’s no point having a device managing security if it is insecure itself. Third, we needed to align it with both current and future needs alongside the requirements of IEC62443 and TS50701.
A flexible, virtualised platform for security
In designing the Security Gateway, it was clear that a firewall alone does not meet the requirements of the modern digital railway. We have designed it as a virtual platform for hosting security applications onboard, with a firewall being one of the most critical of those functions.
Our customers also had different requirements for the applications included in the security gateway. Some had strong next-generation firewall requirements; others had strong requirements around management of specific protocols, with a firewall required to separate and segment the network but not to provide any deep packet inspection.
By taking a flexible approach, we are able to offer our customers a choice of virtualised applications, including commercial off-the-shelf next-generation firewalls and open source firewalls. This gives us the flexibility to meet our customers’ requirements in a cost-effective manner.
Built from the ground up to be secure
When developing a new platform, there are many approaches to take for security. We opted to take the strictest approach: define everything in code, take a layered approach to security and ensure that every service, process and package is explicitly added. This means that we have selected everything that goes into the operating system with a built-up approach, rather than a strip-down approach starting from an off-the-shelf OS.
We offer virtual applications that run on the Host Operating System; these are also built from the ground up with each process in its own container and all interactions between processes strictly defined.
The virtual applications and host operating systems are also designed to be read-only, so they cannot be modified and all configuration can be tightly controlled from a central location.
This immutable approach to applications ensures that we can validate and demonstrate each application is consistent through development, testing and deployment to a train.
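The build-up and immutability principles above translate naturally into a build manifest: the declarative definition enumerates exactly which files may exist, the build is hashed into a manifest, and any deployed copy is verified against that manifest so that additions, removals or modifications are detected. The following Python is an added illustration of that check, not RazorSecure's own code; the allowlist, file names and sample contents are constructed for the example, and the product's real build definition format is not described on this page.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Constructed allowlist standing in for a declarative build definition
# (hypothetical; the real product's format is not described).
ALLOWED_PATHS = {"bin/fw", "etc/fw.conf", "lib/libfilter.so"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large images do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, allowed: set[str]) -> dict[str, str]:
    """Hash every file under root; fail closed on anything not allowlisted
    and on any allowlisted file that is absent (the 'built-up' rule)."""
    manifest: dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            if rel not in allowed:
                raise ValueError(f"unexpected file in build: {rel}")
            manifest[rel] = sha256_of(p)
    missing = allowed - set(manifest)
    if missing:
        raise ValueError(f"allowlisted files absent from build: {sorted(missing)}")
    return manifest


def verify_tree(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a deployed tree against the build manifest and report drift."""
    found = {p.relative_to(root).as_posix(): sha256_of(p)
             for p in root.rglob("*") if p.is_file()}
    return {
        "added": sorted(set(found) - set(manifest)),
        "missing": sorted(set(manifest) - set(found)),
        "modified": sorted(k for k in set(manifest) & set(found)
                           if manifest[k] != found[k]),
    }


def is_consistent(report: dict[str, list[str]]) -> bool:
    """True only when nothing was added, removed or changed."""
    return not any(report.values())


def make_sample_tree(root: Path, files: dict[str, bytes]) -> None:
    """Write constructed sample files under root."""
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)


def demo() -> dict[str, list[str]]:
    """Build a clean image, then verify a deployed copy that has drifted."""
    build_files = {
        "bin/fw": b"firewall binary (constructed)",
        "etc/fw.conf": b"default deny\n",
        "lib/libfilter.so": b"protocol filter (constructed)",
    }
    with tempfile.TemporaryDirectory() as d:
        build = Path(d) / "build"
        make_sample_tree(build, build_files)
        manifest = build_manifest(build, ALLOWED_PATHS)

        deployed = Path(d) / "deployed"
        drifted = dict(build_files)
        drifted["etc/fw.conf"] = b"default allow\n"   # modified config
        drifted["etc/extra.conf"] = b"not in build\n"  # file added after build
        make_sample_tree(deployed, drifted)
        return verify_tree(deployed, manifest)


if __name__ == "__main__":
    print(demo())
```

Running the script reports `etc/extra.conf` as added and `etc/fw.conf` as modified, which is exactly the class of drift a read-only, centrally configured image is meant to make impossible; the same manifest can be checked at each stage so that development, test and on-train deployment are provably the same artefact.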
A wide range of applications already available
We have already built several applications that are available to deploy with customers today, including rail-specific protocol filters, centralised log management, intrusion and anomaly detection, as well as remote management applications.
The platform is built to allow us to work directly with customers to deploy the right security and operational monitoring solutions for their needs.
The RazorSecure Security Gateway acts as a single source of truth onboard the train for cyber security, providing real-time visibility of key hosts, the network and logs from all devices onboard.