NetProbe Owl

Highlights

• Cyber sniffing of passive data
• Designed to track suspicious messages and sessions in monitored traffic
• Supports a range of pre-defined detection algorithms to spot abnormal events on GSM-R and ETCS procedures
• Sends alerts in real-time
• Conduct further analysis at protocol level in post-processing to better understand the pattern of attacks
• Uses existing hardware, where possible

Supporting cyber-attack detection
The deployment of digital rail and interconnected telecoms, interlocking and ETCS signaling systems, opens new avenues for potential security threats. NetProbe Owl is a security monitoring solution designed to be used in conjunction with NetProbe Wayside monitoring solutions. Developed as a cyber sniffing tool for a range of pre-defined tests, NetProbe Owl can track suspicious messages and sessions in monitored traffic and send alerts in real-time. Engineers can then conduct further analysis at protocol level in post-processing, to better understand the pattern of attacks.

NetProbe Owl Use Cases 

• Identify calls to RBCs starting from an unauthorized BTS
• Identify ETCS connection attempts made by unauthorized SIM cards
• Identify eurobalises, reported by trains, not included in a database of known ones or detected outside the expected location
• Identify ETCS level and mode changes in unexpected positions
• Identify a high number of call attempts to an RBC over a period of time.
• Identify simultaneous calls from the same SIM card