Daniel Smith
Dan works on Team Protect as the Security Gateway Platform Lead. Based in Basingstoke, he has been working with RazorSecure for 7 years.
Q: Can you share an example of how machine learning is currently being used to combat cyber threats in the rail industry?
A: The simple answer is it’s not. We’re the only people doing anything with it, using dynamically generated expert systems in our baselines to analyse behavioural anomalies for alerts. The main place we’re doing this is directly in our Delta product.
Q: Are there any specific challenges or limitations in using machine learning in rail cyber security, and how do you see it evolving in the future?
A: There are many, and they range around concerns over the validity of a model, which can be broken down to testability, reproducibility, provability, and data bias. These problems are not specific to rail cyber security, but to all machine learning. However, rail is unique in that it forms part of our critical infrastructure, and we cannot allow issues that could affect critical operational systems such as brakes. It’s hard to say how I see it evolving as the current issues are unsolved in the field and should be considered as hard requirements for the rail industry. We have innovated and delivered clever solutions in terms of testability, but there is still more to do.
Q: What's the most rewarding aspect of working at RazorSecure?
A: There are some very difficult technical and unique challenges in rail cyber security. You expect four out of every five packets to go missing, and you must be able to deal with it without it breaking everything. It’s a very odd industry with a mix of ancient machinery, cutting edge computing, and sudden legal requirements around cyber security - and so integration is complex. The other rewarding aspect is knowing that the work I do is helping to protect our critical infrastructure from ongoing cyber threats.
Q: Have you ever encountered an interesting or challenging bug related to rail cyber security, and how did you approach solving it?
A: The rail industry is very unique in its approach to computing. The design of Security Gateway is a good example in that it has features such as isolated Virtual Machines (VMs) (aside from which there are no other external services), the ability to re-assess configurations over time, and it has a minimal attack surface. If you ask a general engineer to run updates in parallel, they’re often in an environment where they cannot guarantee network access, so what is needed are programs that work with limited connectivity. We expect our deployments at RazorSecure to work for 15 years without human involvement, which is why we use VMs. A good analogy would be to imagine there is a flaw in one, and how that wouldn’t affect or damage the rest of the system. Our SGW tool provides secure isolation by using VMs, giving a multilayered approach which prevents attackers moving across systems.
Q: What drew you to the fascinating world of rail cyber security, and did you foresee any challenges in applying your expertise to this niche industry?
A: What drew me to it was the paycheck, but the better question is what keeps me around, which is down to the industry and its unique challenges. No two integrations are alike, and the additional challenge of making our systems configurable and manageable requires a vast amount of knowledge of what our customers want, and what is possible, whilst always maintaining that systems are secure and robust. The general challenge is that almost all the existing knowledge around what you're doing is geared towards an assumption that we’re sitting on a server on the internet with an infinite amount of access to resources, storage, etc., and in rail that is never the case.