Cambrian Line Radio Signalling failure - RAIB investigating

[Zomboid]

Maybe, but it won't be any of the presently defined versions of ERTMS which replaces them.

[Reorte]

Maybe, but it won't be any of the presently defined versions of ERTMS which replaces them.

Well no, it's not designed to do that but it does demonstrate some of the principles that'll be needed to do so. We might not be there yet and there are doubtless a lot of details only people involved in the railway can comment on but I don't imagine there are any fundamentally impossible barriers to driverless trains - most of the pieces already exist but would require time and expense to mature them to an acceptably useful level. It's probably not invalid to say it's a step along that road, although you can probably say that about various changes going back decades or more.

[iands]

Can this radio system be jammed by the Russians? Could that lose the TSR data? Just asking the question.

 

http://www.independent.co.uk/news/uk/home-news/russia-cyber-attacks-notpetya-gavin-williamson-defence-secretary-putin-hacking-ransomware-a8212801.html

 

Martin.

Hi Martin,

 

Any radio system can be jammed, by the Russians, North Koreans, USA, whoever, etc., etc., etc. And if the GSMR/GPRS were jammed, the TSR data along with every other bit of data being transmitted by the system wouldn't be received by the mobile unit(s), i.e. the train (be it a 37, 158, etc.), but the data would remain uncorrupted, just not received.

 

I think what you are really enquiring about, re the reference to a "cyber attack", is could it be hacked? Could data be manipulted to give false or wrong messages/instructions? Now that's a different question (or two) altogether. There is a lot of unseen work (to the general public) being done in the background on all NR projects and systems on cyber security, not just safety critical stuff like GSMR, ERTMS/ETCS, but any system that employs a computer (pretty much everything) to make it as safe/secure as possible from such attacks. But as we all know with computer viruses, what might appear safe today could be vulnerable tomorrow.

 

Regards, Ian.

 

Minor edit to insert a couple of missing words to improve the reading.

Edited February 22, 2018 by iands

[martin_wynne]

I think what you are really enquiring about, re the reference to a "cyber attack", is could it be hacked?

 

Hi Ian,

 

It seems to me that if this system is in use all across Europe, it must be a prime target for attack?

 

And if you wanted to try out an attack without being noticed, how about some quiet level crossings in a remote corner of North Wales? After all, no-one knew anything about this until a driver reported it, and the system manufacturers have been unable to explain it.

 

Hopefully someone is checking for this sort of thing -- and they are not going to say anything, are they?

 

Martin.

[iands]

Hi Ian,

 

It seems to me that if this system is in use all across Europe, it must be a prime target for attack?

 

And if you wanted to try out an attack without being noticed, how about some quiet level crossings in a remote corner of North Wales? After all, no-one knew anything about this until a driver reported it, and the system manufacturers have been unable to explain it.

 

Hopefully someone is checking for this sort of thing -- and they are not going to say anything, are they?

 

Martin.

Hi Martin,

 

In all honesty I can't see a state (such as Russia), or some organised crime gang bothering to screw up a TSR on a few level crossings in mid-Wales. However, that doesn't rule out some "loner/Billy-no-mates" in his bedroom pratting about to see what he can access/break, but I get your point. If such a thing did happen (or were to happen in the future) I'm sure it would be disclosed by the authorities.

 

Regards, Ian.

[martin_wynne]

if the GSMR/GPRS were jammed, the TSR data along with every other bit of data being transmitted by the system wouldn't be received by the mobile unit(s),

 

Hi Ian,

 

That seems to be jumping to conclusions. If you set up some local equipment to receive the signal, modify it, and re-transmit it at a high enough power to drown out the original, might it be received by the train as a genuine signal?

 

Martin.

[martin_wynne]

In all honesty I can't see a state (such as Russia), or some organised crime gang bothering to screw up a TSR on a few level crossings in mid-Wales

 

Not as a serious attack, obviously. But as a way to try out the capability without being noticed?

 

Martin.

[Reorte]

Hi Ian,

 

That seems to be jumping to conclusions. If you set up some local equipment to receive the signal, modify it, and re-transmit it at a high enough power to drown out the original, might it be received by the train as a genuine signal?

 

Martin.

I'm making assumptions, but one of them is that you'd need to know exactly what to send, and how to encrypt it, for the train to receive a valid (i.e. meaningful) signal, which I would hope would be far too difficult to be practical. The worst that should be able to happen is that invalid nonsense is received and the train stops as a result (failsafe condition), which would cause disruption but no danger. At a guess (sorry about all the speculation here!) if, say, Russia was trying to interfere with it the most likely way would be to corrupt someone with genuine access to the system.

Edited February 22, 2018 by Reorte

[iands]

Not as a serious attack, obviously. But as a way to try out the capability without being noticed?

 

Martin.

Hi Martin,

 

Re this post and #106, I'm not saying it's not impossible, just unlikely. There are far more developed ERTMS/ETCS systems on trial or in use on the european continent to target (not to mention 1000s of other similar radio based systems they could try and hack, e.g. air traffic control, shipping navigation systems) if soneone was that serious/dedicated/detached in trying to corrupt and/or retransmit the data - assuming they can replicate exactly the algorithms used in encrypting the data in the first place the variations of which, from memory, are "telephone numbers multiplied by telephone numbers" in complexity.

 

Regards, Ian.

[Edwin_m]

I would hope they use some sort of encryption which, for example, ensures that if someone records the data transmitted when the system is being commanded to do a particular action, the system won't do the same thing again if that person transmits the same data sequence. 

[TheSignalEngineer]

Hi Martin,

 

Re this post and #106, I'm not saying it's not impossible, just unlikely. There are far more developed ERTMS/ETCS systems on trial or in use on the european continent to target (not to mention 1000s of other similar radio based systems they could try and hack, e.g. air traffic control, shipping navigation systems) if soneone was that serious/dedicated/detached in trying to corrupt and/or retransmit the data - assuming they can replicate exactly the algorithms used in encrypting the data in the first place the variations of which, from memory, are "telephone numbers multiplied by telephone numbers" in complexity.

 

Regards, Ian.

In the opposite direction, when the original Cambrian RETB transmitter near Harlech was switched on for testing it played havoc with RTE television around Dublin.

[w124bob]

Isn't there a spot in mid Wales where the RAF keep changing frequency(for security)which b*****s up the in cab signalling?

[Reorte]

I would hope they use some sort of encryption which, for example, ensures that if someone records the data transmitted when the system is being commanded to do a particular action, the system won't do the same thing again if that person transmits the same data sequence. 

I'd be amazed if they didn't these days. If there was that much interest in interfering with signalling systems it would've doubtless been far, far easier just to interfere with telegraph wires, and there were a lot of those around during the height of the Cold War. Fortunately Soviet spies didn't seem to be constantly messing around with our railways (although admittedly someone poking at wires up a pole is rather more noticeable than someone sitting at a computer thousands of miles away).

[TheSignalEngineer]

I'd be amazed if they didn't these days. If there was that much interest in interfering with signalling systems it would've doubtless been far, far easier just to interfere with telegraph wires, and there were a lot of those around during the height of the Cold War. Fortunately Soviet spies didn't seem to be constantly messing around with our railways (although admittedly someone poking at wires up a pole is rather more noticeable than someone sitting at a computer thousands of miles away).

They probably knew a lot about it. The Russian Military had quite accurate maps of the system, probably better than Railtrack ever had during their brief existence. They were so bad it was better to go to Ian Allan down the road and buy a Quail atlas then ride the route you were interested in to check if anything had changed recently..

[david.hill64]

Communications based signalling systems use sophisticated encryption methods to check that the telegram being received by the train is the one that it is supposed to get. This is a continuous process happening typically more than once per second. In case of doubt the train will stop. It is inherently extremely improbable that a third party could generate a signal that would be interpreted by the train to allow it to do something unsafe.

 

In Bangkok the BTS Skytrain system suffered from interference with the signalling system that resulted in telegram loss and service disruption. This was thought to be due to high powered (and often illegal) third party transmitting devices that unintentionally swamped the radio. Not unsafe, but disruptive.

[iands]

In the opposite direction, when the original Cambrian RETB transmitter near Harlech was switched on for testing it played havoc with RTE television around Dublin.

As did a few of the NRP sites (same frequency band) and the following NRN/ORN system around the country, affecting TV broadcasts in Belgium and the Netherlands. Some of the UHF systems also were an annoyance to foreign broadcasters.

 

Regards, Ian.

[The Stationmaster]

In the opposite direction, when the original Cambrian RETB transmitter near Harlech was switched on for testing it played havoc with RTE television around Dublin.

 

But still somewhat better than the use of BT 'phone lines (allegedly 'direct lines' for NSKT® on the Central Wales Line - nothing unsafe but an awful lot of b*ggeration and train delays.  And that was without anybody more malevolent than BT taking a hand.

 

Don't forget that in every case the system which is immediately more secure than any other is one that has no access to/from the outside (non-railway in this case) world.  Anybody can destroy or damage an unsecured cable route but it's incredibly dfficult to start putting false commands into it.

[ess1uk]

I first heard of this yesterday via the IET and wondered what happened to SMTH

[Great Western]

Hmmm with the demise of PSB's and having the threat of automatic route setting as standard the pleasure has already gone from signalling. Unfortanatly the new breed of signallers just see it as a computer game already.

 

I thoroughly enjoy my work as a ROC Signaller, I don't allow ARS to play trains I actively monitor my panel for conflicts and manually route set for the majority of my trains.

 

ARS is a must to keep the job going when your doing the paperwork for six possessions, line blocks or managing incidents.

Modern signalling for me isn't a massive, expensive game of Simsig its a potentially dangerous proposition.

 

Ironically, there are a number of ex NX Panel Signallers who do let ARS run the job only touching the controls when they absolutely have to! 

 

So please don't insult me, and my fellow 'new bread' of signallers with 'playing playstation, computer game' bla bla rubbish!

[D854_Tiger]

Communications based signalling systems use sophisticated encryption methods to check that the telegram being received by the train is the one that it is supposed to get. This is a continuous process happening typically more than once per second. In case of doubt the train will stop. It is inherently extremely improbable that a third party could generate a signal that would be interpreted by the train to allow it to do something unsafe.

 

In Bangkok the BTS Skytrain system suffered from interference with the signalling system that resulted in telegram loss and service disruption. This was thought to be due to high powered (and often illegal) third party transmitting devices that unintentionally swamped the radio. Not unsafe, but disruptive.

 

Any radio communication can suffer from interference, left to its own devices the atmosphere can even do that, in the right (albeit rare) circumstances, but provided a system has been designed to be fail safe the worst that can happen is stuff stops moving.

 

Hacking into an encrypted communication is actually impossible, if the latest encryption techniques are being used, and that impossibility can be proven mathematically.

 

Indeed, many of these latest most sophisticated techniques are nowadays supported by freely available software, available on the Internet, which has worried GCHQ sufficiently for them to prompt government into introducing legislation to make it an offence for a user not to provide the key, once the necessary warrant has been raised.

 

An admission by the experts that even they have no solution to breaking such encryption, they face exactly the same problem breaking the dark net, so much so, they gave up trying on the sexy computer stuff and have fallen back onto more tried and trusted traditional techniques, such as follow the money and infiltration, and then surprised themselves with all the success they were having.

 

Far more worrying for safety critical systems is the security of the wider system, what (and how) is it connected to, all the encryption in the world over the radio is of little use if there is a backdoor way in via the Internet.

 

I once did some work for a well known Telecom operator and Internet provider (who shall remain nameless) and was offered the use of a brand new workstation, which needed its software installing. A task I offered to do and could they provide the superuser password allowing me to do so.

 

The superuser is commonly known as 'root' the password I was provided with was r00t and yep it turned out that password didn't just get me into one workstation it got me into their entire interconnected network, one press of a carriage return and I could have outed their entire operation and corrupted all their billing data for good measure.

 

It was the Internet equivalent of leaving the sophisticated encrypted locking mechanism of the bank vault unlocked and the bank's front door wide open.

 

Most of the worst hacking that goes on across the Internet is very unsophisticated because why resort to deviously complex software and high order mathematics, when you can cause mischief just by looking up the right person's Facebook page and pretty much work out their life story in five minutes and, more often than not, the passwords that go with it.

[D854_Tiger]

How does ERTMS handle this situation.

 

[Talltim]

You have add another trolly fit all the ERTMS equipment in...

[Junctionmad]

I wonder what you'd enter into the DMI !!

[Reorte]

Well I've never been keen on the idea of high speed rail but that video's really going a bit too far in the other direction. Or is it the prototype for how diesel is going to be ended by 2040?

[Coryton]

Well I've never been keen on the idea of high speed rail but that video's really going a bit too far in the other direction. Or is it the prototype for how diesel is going to be ended by 2040?

 

Nicely filmed. Funniest thing I've seen for a while.

 

Anyone know where it is? The YouTube page suggests it's in the Wirral, which it clearly isn't. I'm pretty sure I've seen maintenance vehicles in Slovakia looking like that, and the level crossing seems the right style (can't read the writing under the sign, but the word lengths look right for "Pozor Vlak" (beware of trains).

 

Curious there seems to be a railway signal on the far side of the crossing for trains approaching it.

 

And to get a bit more on topic...

 

Regarding the comment previously about ERTMS (or ECTS if you like) assuming the maximum train length, if the speed restriction is to slow the approach to a level crossing, why does the train length matter anyway? Clearly it does if you're slowing for a bad bit of track, but if the idea is to give sufficient warning at a level crossing, surely it's the front of the train that matters not the back? Once it's on the level crossing from a sighting point of view it shouldn't matter what speed it's doing.

 

With a 'manual' speed restriction for a level crossing, is the driver expected to wait until the back of the train has cleared the sign before accelerating?