University of Oulu

S. Soderi, D. Masti, M. Hämäläinen and J. Iinatti, "Cybersecurity Considerations for Communication Based Train Control," in IEEE Access, vol. 11, pp. 92312-92321, 2023, doi: 10.1109/ACCESS.2023.3309005.

Cybersecurity considerations for communication based train control

Saved in:
Author: Soderi, S.1,2; Masti, D.1,2; Hämäläinen, M.3;
Organizations: 1IMT School for Advanced Studies, Lucca, Italy
2CINI Cybersecurity Laboratory, Roma, Italy
3Faculty of Information Technology and Electrical Engineering, Centre for Wireless Communications, University of Oulu, Oulu, Finland
Format: article
Version: published version
Access: open
Online Access: PDF Full Text (PDF, 1.9 MB)
Persistent link:
Language: English
Published: Institute of Electrical and Electronics Engineers, 2023
Publish Date: 2023-08-30


The CENELEC TS 50701 is the first encompassing standard aiming at governing cybersecurity risk management processes within the railway industry. Although the technical maturity of this framework is undeniable, its application in practical projects is still an active field of discussion among practitioners, especially when dealing the communication-heavy subsystems. Among such subsystems, signaling is among the most critical ones. Both Communication-based Train Control (CBTC) and European Railway Traffic Management Systems (ERTMS) heavily rely on wireless communications for their operation. This paper describes two cybersecurity attack scenarios regarding wireless communications for CBTCs that can impact the safety of these systems using the lens of the framework provided by the novel CENELEC TS 50701. In doing so, we discuss the implications of using such guidance, especially concerning the different interpretations found in the literature regarding zoning communication systems, to assess and mitigate the cybersecurity risk and improve the posture of CBTC systems concerning the examined attacks. Experimental tests conducted in controlled laboratory environments and high fidelity simulations have been conducted to support the cybersecurity analysis.

see all

Series: IEEE access
ISSN: 2169-3536
ISSN-E: 2169-3536
ISSN-L: 2169-3536
Volume: 11
Pages: 92312 - 92321
DOI: 10.1109/access.2023.3309005
Type of Publication: A1 Journal article – refereed
Field of Science: 213 Electronic, automation and communications engineering, electronics
Copyright information: This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see