NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Metrics-Driven Evaluation of Cybersecurity for Critical Railway Infrastructure

Published

Author(s)

Himanshu Neema, Bradley Potteiger, Xenofon Koutsoukos, CheeYee Tang

Abstract

In the past couple of years, railway infrastructure has been growing more connected, resembling more of a traditional Cyber-Physical System [1] model. Due to the tightly coupled nature between the cyber and physical domains, new attack vectors are emerging that create an avenue for remote hijacking of system components not designed to withstand such attacks. As such, best practice cybersecurity techniques need to be put in place to ensure the safety and resiliency of future railway designs, as well as infrastructure already in the field. However, traditional large-scale experimental evaluation that involves evaluating a large set of variables by running a design of experiments (DOE) may not always be practical and might not provide conclusive results [2]. In addition, to achieve scalable experimentation, the modeling abstractions, simulation configurations, and experiment scenarios must be designed according to the analysis goals of the evaluations. Thus, it is useful to target a set of key operational metrics for evaluation and configure and extend the traditional DOE methods using these metrics. In this work, we present a metrics driven evaluation approach for evaluating the security and resilience of railway critical infrastructure using a distributed simulation framework. An case study with experiment results is provided that demonstrate the capabilities of our testbed.
Proceedings Title
Resilience Week 2018
Conference Dates
August 20-23, 2018
Conference Location
Denver, CO, US
Pub Type
Conferences

Download Paper

Local Download

Keywords

Cybersecurity, Cyber-physical systems (CPS), Industrial control systems (ICS)
Cybersecurity and privacy

Citation

Neema, H. , Potteiger, B. , Koutsoukos, X. and Tang, C. (2018), Metrics-Driven Evaluation of Cybersecurity for Critical Railway Infrastructure, Resilience Week 2018, Denver, CO, US, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925963 (Accessed October 7, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created August 23, 2018, Updated September 29, 2025
Was this page helpful?