Using the existing MILS or Multiple Independent Levels of Security platform, certMILS seeks to find ways of shortening, simplifying, and implementing new certification methodologies with the ultimate goal of efficient security in cyber physical systems across Europe. In this episode we speak with project partners Thorsten Schulz and Sandro Rauscher about how to better understand certMILS.
The certMILS project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No. 731456.
Powerful collaborations, cutting edge science and curious minds coming together for a glimpse of the future. Stay tuned as we look at the latest updates on some of the most promising technology projects.
Hello and welcome. I'm Peter Balint from Technikon and today we look at the certMILS project. This EU funded effort is researching ways of keeping complex systems safe and secure. Think about trains or power grids. Unfortunately these systems consist of so many independent components that certifying their integrity as a whole would become an unwieldy task. Using the existing MILS, or multiple independent levels of security, platform, certMILS seeks to find ways of shortening, simplifying, and implementing new certification methodologies with the ultimate goal of efficient security in cyber physical systems across Europe. Today we speak with Thorsten Schulz from the University of Rostock and Sandro Rauscher from THALES. Both gentlemen are project partners in certMILS. They join us remotely from their home offices today. Welcome, and I think the place to start is to understand this concept of multiple independent levels of security. Tell us Thorsten, what is that all about?
So MILS, it's... even though it's not supposed to be that abbreviation anymore, it's like the lettering together of multiple independent levels of security. So that's where it started out from. So maybe coming from different perspectives. Nowadays, like in larger company networks, you divide them up in zones, in different places where you have different abilities and maybe different services. So separating out a computer system into different kinds of zones, into compartments or maybe partitions or domains, is really important to separate the security of such a system, because once you have these kinds of compartments one can define the interfaces between the compartments much better. And then it's much better to also define the security measures afterwards.
Do you have anything to add to that Sandro?
As Thorsten already said, we are dividing different components on a single computer system into different parts, so you can say the multiple independent layers, in this case, are several operating systems running on top of each other, and they have to be secured.
So is this about security or is this more about reliability or both?
That's the good question. So it's actually both, and that's why this kind of architecture concept has been used. So it's not really a standard. MILS is not a standard, it's an architecture concept. So at first it can also really be used to... It's also called separation of criticality... so this, as you say, is like for reliability. So for example in one of the compartments of the system you would like to have maybe the braking system, and you don't want to have the braking system connected to the Internet, for whatever reason you don't want to have that. So you'd really rather look into having that separate and then maybe have a different kind of compartment that takes care of connecting to the Internet, and then you have very confined, thin communication channels between these two components. And just making the point that, in comparison to like years ago, we would have had two different devices, like two different physical systems, taking these functions apart. And nowadays, for reducing the costs of the system, and even for physical products just reducing the weight, we put that on the same machine, kind of computer device, and we need software methodologies, software architectures, where we have a similar idea as we would have had beforehand when we had separate devices.
And in this project, certMILS are you actually making anything or is it more conceptual or is it working on an architectural concept?
So that would be my part. I'm doing the whole architecture for the THALES demonstrator which we already presented, and I can describe it as: there is an operating system running on our hardware board which gets inserted into the train, and then on top of this operating system, which is running on what we call bare metal, there is another operating system starting on the bare metal operating system, and then another one, and we interconnect them so that everything is confined in a certain way, so that certain functions cannot be accessed from the outside.
And somehow we always seem to be going back to this train example. Is that considered our primary use case for you in certMILS?
So we have three different demonstrators. One is the train use case which is from THALES. Then the next one would be the subway demonstrator which is actually really different from the rail demonstrator and we also have a smart grid demonstrator which is used for electrical grids.
So these are big infrastructural items, I mean this is for major systems...
Yes, that is correct. But these are actually components within these larger systems of systems, but you could use the same architecture. For example, I know back in the years I was thinking with a friend of mine: so what if the person that does the closing of the train doors, the one that stands outside, basically the steward of the train, would have a smartphone that can kind of stop closing the doors, or maybe open the doors, and anything like that. Then that smartphone, you wouldn't want to have that just pressing the button, just being aided by some random Google store app, but you want to have that separate. So you could even think of a smartphone having like a separation architecture, as we talked about. But on the other side we really concentrate on the components first which are important for our critical infrastructures, as Sandro said, for the smart grid where we want to have the substations that should be reliable. And like when you have a power outage, like a blackout, the whole system has to be quickly back up again and has to work smoothly even if it is based on kind of networking or Internet technology. And for the train system as well. So we're not talking about just trains, so actually trains are not really covered within the certMILS project, it's more the signaling part that we're looking into, and for the signaling part also you have a lot of small <INAUDIBLE>, like thousands around, for example in Germany, another thousand in Austria, and all over Europe. And these systems, like years ago, have been driven by cables, like iron cable being passed around, but that has changed, so we want to have commercial off-the-shelf, bus-based systems, and these have to adhere to some kind of common methodology to make them reliable and secure.
OK good. And I wanted to ask you, Thorsten, and then I'll get to you, Sandro, about your contributions in the project. Thorsten, you're bringing experience and real world activities from an academic perspective. What benefits does that have for the project in general?
So from my perspective it is important to have that kind of separate view sometimes. It doesn't mean that I have to see things differently, just, at a university, I'm not directly driven by kind of a product where I have to have some kind of output. So I might be a little bit more open, and there are about two contributions that I'm trying to achieve here in this project. So the one thing that we were kind of assigned to do was security testing. Just to be honest, we add that from our perspective, that we know a lot about embedded systems, because at our institute we have been doing embedded systems since like the beginning of the 90s. Before that we did chip design, so we have kind of that perspective. But there's also a second part of it. So once we develop the pilots, as Sandro says, for the smart grid, railway, these are pilots that we're trying to certify, and once we have pilots that are being certified we have to be really careful about the confidentiality of the software related to this. And it's really hard to bring examples or just any notion of how this works out of the kind of audience of <INAUDIBLE> things. I have a little bit more of the choice maybe to try to use different software but on the same architecture and then publish this, so, kind of open source projects. I did like a few contributions to a railway network protocol in the last year and probably will continue to do that, and I can also publish some source code of how I would do like a MILS system related to a railway signaling system, just something that is not really usable in the railway because it's not certifiable, but at least something that people can look at, so as to understand what the MILS architecture actually means.
OK. And Sandro, you're bringing experience from a large manufacturing and research company, I would say, right? How does that benefit the project?
I think THALES brings a lot of experience to this project. As for myself, I've only been working there for about two years now. We have like 70,000 instances of our software running right now across the globe, and we are supporting our software and hardware for at least 35 years as of now.
You, representing THALES, what can you bring to the project?
Yeah, THALES brings a lot of experience in the communications sector and from the rail signaling sector, and me, for myself, I come from, let's say, a hacker point of view, and I view the system a little bit differently than other people would, like software architects. So I'm looking more to exploit all of this stuff so I can actually prevent something like that from happening.
Aha. Very interesting. So you approach everything from kind of the way a hacker would. So OK, you look at the holes that are existing perhaps, and you try to figure out how you would exploit them, and then maybe patch those holes up. So let's sort of take this and look at it in a real life example, like I heard somewhere about trains getting hacked. Does this sound like an appropriate case to talk about when we talk about certMILS, because certMILS obviously has some relationship to the railway, and it's also about safety? So can you give us a scenario of what might happen if a train was hacked, and why would somebody want to hack a train?
Yeah, of course. So you have to think about different threat actors. So who wants to attack a critical infrastructure system, and why would you do it? So the threat agents we actually defined, or that are common to these scenarios, are even nation states. The motivation could be that the shutdown of public or military transportation would be beneficial for someone for strategic reasons. Yeah, let's say cyber criminals could also hack it, like botnet operators, because they could actually like the operators to pay some kind of ransom money, so they take the whole system for ransom and say you've got to pay. You may have heard about that ransomware which encrypts your data and then tells you to give me one bitcoin or you'll never get your data back, and you get that
We've talked about this in earlier podcasts, yeah.
There is also the possibility that there are other corporations that want to attack the availability of the system in order to lower the reputation of the other company, or, one of the funniest things are like insiders. So an insider actually knows a lot about the company, of course. And they may have different levels of motivation. Let's say, like, revenge. There's a pretty funny case in Vienna with the trams. There was a guy who got fired. But he got hold of the key for the tram. And then he stole it and just ran around with it. That's what you don't want to happen.
So if this train hacking takes place, what does this look like for the average person? I mean, it's just trains stop, they're not moving, or can it even be more dangerous than this?
I think, maybe, just from my perspective, I would also think like we all have seen what a shutdown looks like in the past weeks. And maybe if you listen to the podcast a little later, you will probably still remember what a shutdown means. So this is a large, like, economical impact, so a shutdown of public infrastructure, not just of a train but also of a smart grid, has a really incredible impact, also with it all piling up. Just trying to shut down the train system: so at first it will probably just stop. There are a lot of safety margins and safety issues, so it will just all stop. But even a stop would be absolutely critical for the whole system. So I think this would be the most general, because as Sandro says, like hacking a train, if you have a key, then you probably have a process problem within your company. Like if you have a physical key, because this is one of the last resort things to actually access a device. But getting like remote access, so if you have one key you can probably get into one train or maybe another train or whatever, but it doesn't scale. But if you have remote access to all the trains, for example all the signals, then you can kind of hack thousands. So it's completely a different issue. And so when hacking a system, like a system of systems, I think that this scale that you can reach is the big problem. And when we're talking about designing components that should be secure, then we're talking about components that, as Sandro says, have like 70,000 instances around the globe, and we're not talking about two trains or maybe one tram going a little bit wild, maybe just heading into the next switch point. But it's like thousands of trains... thousands of systems being shut down. And that is a really critical issue that we're looking into when we're talking about security hacking; it's not the single experience but the scale of problems that can arise.
And so, what I wanted to add is, from a hacker's perspective, the weakest link in this chain is always the human being, because there's stuff like social engineering. So let's say, Peter, I want some passwords from your server. What am I going to do? I'm going to call your company, or I'm going to find out some numbers of your colleagues, I'm going to call there, and I'm begging that the new boss that you have, that's so mean to everyone, is going to fire me, so you have to give me your passwords, and you're probably going to do that. Yeah. And you can say exactly the same for the trains: there are some maintenance workers, maybe they're oblivious, maybe they are convinced to do something malicious. You do know that.
Yes, and I think also one of the approaches is, so I mean there are always ways to find an access into the system. So that's, as Sandro said, social engineering, social hacking. We're talking about a lot of remote devices that are just stuck in some pile of dirt, or somewhere along the track, or maybe somewhere totally internal to a train, or any of these. So there's definitely going to be remote access, and probably a lot of people also from the technical community know that there are always security vulnerabilities. And when we switch all of the devices that we're using for like obviously focused reasons to commercial off-the-shelf products, like in the past, train-related hardware, or also hardware for our critical infrastructure, has been quite special hardware. But once we move for example to x86 hardware, or for example any of the general purpose ARM processors, they're getting quite famous nowadays, they all have common vulnerabilities, and these are actually really common to normal PC hardware, which is much more around the world. But, so if you have kind of a ransomware that was meant to be on some kind of personal laptop, and then it also works for the train system, that is really a problem. So that's why we have to harden the train system and be really quick to be able to update, so, coming back to this issue that I said at the beginning, that getting trains, the whole... I think it's called the homogenization approach. So getting trains and signals and all these safety critical systems certified takes years. So if we have a CVE, so that's a common vulnerability that is found, so any kind of like a security hole, then we would have to go through the two or three years again to certify the system just to get the security update into the system. And that is completely... that doesn't make any sense, so that leaves the system for two years completely vulnerable.
So that's why we have the MILS architecture, where we can, on the one hand, have a really short security update to, for example, the communication module. But the communication module, on the other hand, is not safety relevant. Because as I said at the beginning, if we have another compartment, we have the braking software, we're not going to touch the braking software, it's still the same. And we can prove... so that's the important thing, by really rigorous tests, that these two systems, so the communication component on the one side and the braking software on the other side, don't interfere with each other. And then we can say, if they don't interfere, and we want to prove the safety of the braking system but we have to update the communication component, so that's kind of, maybe it won't be the Internet but kind of like, for example, a VPN tunnel or something, we need to update it due to this common vulnerability, then we can do that, and we can do it quickly, within like a couple of days. And if we don't have something like the MILS architecture, where we have certifiable components that are separate from each other, that don't interfere with each other, so if we don't have that we can't have these kinds of systems. So that's the importance of having the certifiable systems that can be separated and can be partially updated without interfering with the safety of the core functionality. Does it make sense?
It makes sense, and I have to wonder then, is a project like certMILS sensitive to the fact that technology is changing rapidly?
Yes. Yes, definitely. So, I mean, we all on this... that's the other thing that I also like as an example. So we all want this remote maintenance, so we don't want the system to be down, like we all expect the trains to come there like every day on the second. So we don't want them to be in maintenance like all the time. So we want to have... when they need maintenance we want them to go in, do the maintenance, and come back out again. So but if a train has some special kind of issues, or whatever device has issues found out, for example the braking system found out like "I have extra wear", then we can use the remote component, like the remote communication component, for what we call predictive maintenance. So the braking system can kind of acknowledge to the central workshop, to the maintenance workshop, that there is special care that needs to be taken, and then only then, if that is necessary, the train has to go to maintenance, so we can probably also increase the maintenance cycles, like make them larger, and increase availability for the devices that we need in our critical infrastructure. So I think this is also one of the use cases, I guess, for more of what you call these kinds of critical systems.
Right. And Sandro, from your perspective, what does success look like in this project? So when this project is done, what aspect, once it's complete, will make you feel good?
Yes, success will look like, for me, if the whole thing is running. Actually right now there are certain demonstrators at work. The main achievement would be, as Thorsten said, that you can actually exchange everything in a matter of hours and everything works remotely, and if that is set up and everything works flawlessly and all... let's say most of the security vulnerabilities might be mitigated or eliminated. Then I can speak of success.
OK, Thorsten, how do you answer that question? When you walk away from the project, what does it look like if it was successful for you?
Because like me being at the university, I'm basically limited to my external projects, so I will leave the university quite soon. If I see these kinds of technologies, if I see them again, like when they enter that kind of... I will be going into this kind of software market, and I'm totally interested in that and I really like it. And if I see the success of this architecture, of this technology, I can say like "right, this train is going for maintenance and it's not being hacked, it just works." I think the best success is always technology that works.
Well, thank you both for taking the time to share your knowledge with us today. Best wishes for the remainder of the project and we'll talk again real soon.
Thank you.
Thank you, Peter.
For more information about certMILS, visit their Web site at certmils.eu. This podcast has been brought to you by Technikon.
The certMILS project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No. 731456.