4SECURail addresses the development of a demonstrator for the use of Formal Methods (FM) and a collaborative environment to support Computer Security Incident Response Team (CSIRT) in the railway sector.

The demonstrator for the use of Formal Methods in railway will provide state-of-the-art FM and tools to evaluate the learning curve to perform a cost/benefit analysis of the adoption of formal methods in the railway industry. The main objectives targeted are: 1) the development of a specific railway-oriented FM demonstrator; 2) the identification of a railway signalling subsystem, described by means of standard interfaces; and 3) the specification and evaluation of the cost/benefit ratio and learning curves for adopting the demonstrator in the railway environment.

The implementation of a CSIRT demonstrator in the railway sector will address the technology demonstrator in cybersecurity (as identified in TD2.11 by the Shift2Rail initiative), establishing a CSIRT collaborative environment. This work targets: 1) to define stakeholder requirements for a European Rail CSIRT collaborative activity; 2) to test and validate a CSIRT model for railway; 3) to identify relevant state-of-the-art platforms to support CSIRT collaboration and, based on requirements and CSIRT model, specify and adapt to meet the railway CSIRT needs; and 4) to test and updated the CSIRT collaborative environment so as to ensure meeting user needs.

Tree Technology is in charge of the CSIRT collaborative platform, leading the development of a Threat Intelligence Platform (built on top of existing state-of-the-art platforms like e.g. MISP: www.misp-project.org) for the CSIRTs in the railway sector to share and jointly analyse cybersecurity threats, incidents and information (e.g. indicators of compromise, IoC) towards enhanced prevention and reaction to cybersecurity threats in railway.