Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd.
Abstract
1. Introduction
1.1. CI and Cybersecurity
1.2. CI and Analytical Hierarchy Process-Based Analytical Studies
2. Materials and Methods
2.1. Research Targets
2.2. Expert Questionnaire Design Using AHP
- Establishing the Hierarchical Framework Structure
- Questionnaire Design
2.3. AHP Hierarchical Structure and Construction of Risk Factors
3. Results
3.1. Analysis Results of Cybersecurity Risk Dimensions
3.2. Analysis Results of Evaluation Criteria
3.2.1. Weights of Evaluation Criteria Within the Dispatch Radio Communication System Cybersecurity Risk Dimension
3.2.2. Weights of Evaluation Criteria Within the CTC System Cybersecurity Risk Dimension
3.2.3. Weights of Evaluation Criteria Within the ATP System Cybersecurity Risk Dimension
3.2.4. Weights of Evaluation Criteria Within the Power System Cybersecurity Risk Dimension
3.3. Prioritization of Cybersecurity Risk Factors for Railway CI
4. Discussion
5. Practical Recommendations
6. Research Limitations and Future Research Directions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
AHP | Analytical Hierarchy Process |
AI | Artificial Intelligence |
ATP | Automatic Train Protection |
CI | Critical Infrastructure |
CTC | Centralized Traffic Control |
C.I. | Consistency Index |
C.R. | Consistency Ratio |
C.R.H. | Consistency Ratio of the Hierarchy |
IoT | Internet of Things |
R.I. | Random Index |
THSRC | Taiwan High Speed Rail Corporation |
TRA | Taiwan Railways Administration |
TRC | Taiwan Railway Corporation, Ltd. |
Appendix A
Evaluation Criteria | Dispatch Radio Communication System Cybersecurity | CTC System Cybersecurity | ATP System Cybersecurity | Power System Cybersecurity | |
---|---|---|---|---|---|
Questionnaire No. | |||||
1 | 0.093 | 0.435 | 0.036 | 0.435 | |
2 | 0.038 | 0.115 | 0.236 | 0.610 | |
3 | 0.321 | 0.321 | 0.321 | 0.036 | |
4 | 0.069 | 0.310 | 0.412 | 0.210 | |
5 | 0.318 | 0.318 | 0.318 | 0.045 | |
6 | 0.056 | 0.474 | 0.332 | 0.138 | |
7 | 0.059 | 0.254 | 0.577 | 0.110 | |
8 | 0.088 | 0.276 | 0.052 | 0.585 | |
9 | 0.192 | 0.052 | 0.704 | 0.052 | |
10 | 0.061 | 0.446 | 0.416 | 0.077 | |
11 | 0.067 | 0.427 | 0.427 | 0.079 | |
12 | 0.175 | 0.042 | 0.304 | 0.479 | |
13 | 0.060 | 0.383 | 0.383 | 0.175 | |
14 | 0.053 | 0.318 | 0.558 | 0.071 | |
15 | 0.338 | 0.205 | 0.288 | 0.169 | |
16 | 0.083 | 0.417 | 0.083 | 0.417 | |
17 | 0.188 | 0.678 | 0.047 | 0.088 | |
18 | 0.036 | 0.435 | 0.435 | 0.093 | |
19 | 0.061 | 0.416 | 0.077 | 0.446 | |
20 | 0.048 | 0.203 | 0.599 | 0.151 | |
21 | 0.129 | 0.143 | 0.687 | 0.040 | |
22 | 0.100 | 0.700 | 0.100 | 0.100 | |
23 | 0.063 | 0.586 | 0.288 | 0.063 | |
24 | 0.205 | 0.685 | 0.046 | 0.064 | |
25 | 0.041 | 0.361 | 0.079 | 0.520 | |
Average | 0.121 | 0.399 | 0.293 | 0.186 |
Evaluation Criteria | Inability of Dispatchers to Issue Dispatch Instructions | Inability of Train Crew to Communicate with One Another | Failure of the Emergency Reporting System | Inability to Record Calls, Resulting in the Loss of Critical Information | |
---|---|---|---|---|---|
Questionnaire No. | |||||
1 | 0.673 | 0.165 | 0.114 | 0.048 | |
2 | 0.677 | 0.110 | 0.170 | 0.043 | |
3 | 0.450 | 0.050 | 0.450 | 0.050 | |
4 | 0.586 | 0.168 | 0.204 | 0.041 | |
5 | 0.100 | 0.100 | 0.700 | 0.100 | |
6 | 0.155 | 0.146 | 0.661 | 0.038 | |
7 | 0.134 | 0.155 | 0.658 | 0.054 | |
8 | 0.401 | 0.427 | 0.118 | 0.053 | |
9 | 0.186 | 0.069 | 0.698 | 0.046 | |
10 | 0.606 | 0.234 | 0.080 | 0.080 | |
11 | 0.475 | 0.098 | 0.358 | 0.068 | |
12 | 0.170 | 0.170 | 0.625 | 0.036 | |
13 | 0.627 | 0.204 | 0.131 | 0.039 | |
14 | 0.531 | 0.314 | 0.092 | 0.063 | |
15 | 0.518 | 0.097 | 0.083 | 0.302 | |
16 | 0.208 | 0.208 | 0.487 | 0.096 | |
17 | 0.437 | 0.082 | 0.437 | 0.044 | |
18 | 0.134 | 0.134 | 0.692 | 0.040 | |
19 | 0.420 | 0.420 | 0.126 | 0.034 | |
20 | 0.047 | 0.297 | 0.568 | 0.088 | |
21 | 0.146 | 0.155 | 0.661 | 0.038 | |
22 | 0.666 | 0.047 | 0.220 | 0.067 | |
23 | 0.651 | 0.110 | 0.119 | 0.119 | |
24 | 0.236 | 0.658 | 0.062 | 0.044 | |
25 | 0.540 | 0.274 | 0.150 | 0.037 | |
Average | 0.403 | 0.203 | 0.321 | 0.072 |
Evaluation Criteria | Inability to Monitor Train Occupancy in Track Sections (Locations) | Inability of Controllers to Issue Commands to Safety Control Systems | Inability of the Dispatching System to Automatically Track Train Numbers | Inability to Automatically Record Train Arrival, Departure, or Passing Times at Stations | |
---|---|---|---|---|---|
Questionnaire No. | |||||
1 | 0.409 | 0.453 | 0.094 | 0.045 | |
2 | 0.190 | 0.694 | 0.057 | 0.059 | |
3 | 0.735 | 0.082 | 0.124 | 0.060 | |
4 | 0.262 | 0.565 | 0.118 | 0.055 | |
5 | 0.438 | 0.438 | 0.063 | 0.063 | |
6 | 0.613 | 0.208 | 0.089 | 0.089 | |
7 | 0.219 | 0.660 | 0.061 | 0.061 | |
8 | 0.246 | 0.589 | 0.114 | 0.050 | |
9 | 0.692 | 0.140 | 0.099 | 0.070 | |
10 | 0.615 | 0.170 | 0.170 | 0.044 | |
11 | 0.206 | 0.646 | 0.085 | 0.064 | |
12 | 0.750 | 0.083 | 0.083 | 0.083 | |
13 | 0.621 | 0.165 | 0.165 | 0.048 | |
14 | 0.297 | 0.125 | 0.414 | 0.164 | |
15 | 0.052 | 0.266 | 0.341 | 0.341 | |
16 | 0.742 | 0.082 | 0.117 | 0.058 | |
17 | 0.429 | 0.429 | 0.093 | 0.049 | |
18 | 0.750 | 0.083 | 0.083 | 0.083 | |
19 | 0.168 | 0.611 | 0.168 | 0.052 | |
20 | 0.579 | 0.282 | 0.081 | 0.057 | |
21 | 0.144 | 0.574 | 0.203 | 0.078 | |
22 | 0.235 | 0.454 | 0.155 | 0.155 | |
23 | 0.239 | 0.253 | 0.299 | 0.209 | |
24 | 0.645 | 0.143 | 0.120 | 0.093 | |
25 | 0.646 | 0.080 | 0.156 | 0.117 | |
Average | 0.446 | 0.310 | 0.151 | 0.093 |
Evaluation Criteria | Inability to Provide Drivers with Information on Upcoming Signals, Block Status, and Train Occupancy | Inability to Determine the Speed Limit for Following Trains Based on the Position of the Preceding Train | Inability to Transmit Speed Restriction Information to Trains | Failure to Automatically Apply Brakes When the Train Exceeds the Speed Limit | |
---|---|---|---|---|---|
Questionnaire No. | |||||
1 | 0.127 | 0.451 | 0.041 | 0.382 | |
2 | 0.546 | 0.304 | 0.050 | 0.099 | |
3 | 0.235 | 0.172 | 0.235 | 0.357 | |
4 | 0.112 | 0.189 | 0.059 | 0.641 | |
5 | 0.098 | 0.071 | 0.148 | 0.683 | |
6 | 0.735 | 0.054 | 0.054 | 0.158 | |
7 | 0.315 | 0.081 | 0.133 | 0.471 | |
8 | 0.609 | 0.208 | 0.107 | 0.076 | |
9 | 0.178 | 0.158 | 0.042 | 0.623 | |
10 | 0.450 | 0.050 | 0.050 | 0.450 | |
11 | 0.734 | 0.087 | 0.087 | 0.093 | |
12 | 0.499 | 0.099 | 0.080 | 0.322 | |
13 | 0.695 | 0.100 | 0.095 | 0.110 | |
14 | 0.513 | 0.176 | 0.155 | 0.156 | |
15 | 0.237 | 0.167 | 0.217 | 0.380 | |
16 | 0.064 | 0.156 | 0.219 | 0.562 | |
17 | 0.429 | 0.071 | 0.071 | 0.429 | |
18 | 0.083 | 0.083 | 0.083 | 0.750 | |
19 | 0.668 | 0.143 | 0.101 | 0.088 | |
20 | 0.043 | 0.144 | 0.140 | 0.673 | |
21 | 0.731 | 0.152 | 0.059 | 0.058 | |
22 | 0.464 | 0.072 | 0.072 | 0.392 | |
23 | 0.250 | 0.250 | 0.250 | 0.250 | |
24 | 0.395 | 0.435 | 0.115 | 0.055 | |
25 | 0.403 | 0.087 | 0.044 | 0.466 | |
Average | 0.376 | 0.170 | 0.119 | 0.335 |
Evaluation Criteria | Train Operation Disruptions and Delays | Increased Passenger Safety Risks | Malfunctions in Signal and Communication Systems | Increased Risk of Catastrophic Accidents | |
---|---|---|---|---|---|
Questionnaire No. | |||||
1 | 0.206 | 0.042 | 0.297 | 0.455 | |
2 | 0.055 | 0.055 | 0.243 | 0.648 | |
3 | 0.033 | 0.264 | 0.188 | 0.515 | |
4 | 0.126 | 0.069 | 0.244 | 0.561 | |
5 | 0.056 | 0.056 | 0.598 | 0.289 | |
6 | 0.034 | 0.223 | 0.223 | 0.521 | |
7 | 0.077 | 0.383 | 0.120 | 0.419 | |
8 | 0.048 | 0.650 | 0.046 | 0.256 | |
9 | 0.048 | 0.048 | 0.654 | 0.249 | |
10 | 0.039 | 0.327 | 0.308 | 0.327 | |
11 | 0.036 | 0.321 | 0.321 | 0.321 | |
12 | 0.057 | 0.455 | 0.061 | 0.427 | |
13 | 0.051 | 0.461 | 0.055 | 0.433 | |
14 | 0.038 | 0.460 | 0.210 | 0.292 | |
15 | 0.100 | 0.300 | 0.300 | 0.300 | |
16 | 0.417 | 0.083 | 0.417 | 0.083 | |
17 | 0.039 | 0.124 | 0.419 | 0.419 | |
18 | 0.033 | 0.406 | 0.154 | 0.406 | |
19 | 0.093 | 0.036 | 0.435 | 0.435 | |
20 | 0.041 | 0.133 | 0.253 | 0.573 | |
21 | 0.056 | 0.458 | 0.056 | 0.430 | |
22 | 0.093 | 0.036 | 0.435 | 0.435 | |
23 | 0.356 | 0.098 | 0.251 | 0.295 | |
24 | 0.035 | 0.234 | 0.558 | 0.174 | |
25 | 0.033 | 0.196 | 0.575 | 0.196 | |
Average | 0.077 | 0.204 | 0.288 | 0.431 |
References
- Raval, K.J.; Jadav, N.K.; Rathod, T.; Tanwar, S.; Vimal, V.; Yamsani, N. A survey on safeguarding critical infrastructures: Attacks, AI security, and future directions. Int. J. Crit. Infrastruct. Prot. 2024, 44, 100647. [Google Scholar] [CrossRef]
- Jadav, N.K.; Gupta, R.; Tanwar, S. AI and onion routing-based secure architectural framework for IoT-based critical infrastructure. In Proceedings of the 2023 13th International Conference on Cloud Computing, Data Science & Engineering (Confluence), Noida, India, 19–20 January 2023; pp. 559–564. [Google Scholar] [CrossRef]
- Homeland Security Policy Committee, Executive Yuan. Available online: https://ohs.ey.gov.tw/Page/E09D4EC20A2D078A (accessed on 22 August 2025).
- Šarūnienė, I.; Martišauskas, L.; Krikštolaitis, R.; Augutis, J.; Setola, R. Risk assessment of critical infrastructures: A methodology based on criticality of infrastructure elements. Reliab. Eng. Syst. Saf. 2023, 243, 109797. [Google Scholar] [CrossRef]
- Pursiainen, C.; Kytömaa, E. From European critical infrastructure protection to the resilience of European critical entities: What does it mean? Sustain. Resilient Infrastruct. 2023, 8 (Suppl. 1), 85–101. [Google Scholar] [CrossRef]
- Broto, V.C.; Cortina-Oriol, M.; Durrant, D.; Griggs, S.; Guarneros-Meza, V.; Hayes, G.; Howarth, D.; Isunza-Vera, E.; Wong, M.T.; Zaremberg, G. Infrastructures, processes of insertion and the everyday: Towards a new dialogue in critical policy studies. Crit. Policy Stud. 2022, 16, 121–130. [Google Scholar] [CrossRef]
- Classification of National Critical Infrastructure Areas. Available online: https://ohs.ey.gov.tw/File/62C7B5B507800552 (accessed on 22 August 2025).
- Abuhasel, K.A. Linear Probabilistic Resilience Model for Securing Critical Infrastructure in Industry 5.0. IEEE Access 2023, 11, 80863–80873. [Google Scholar] [CrossRef]
- Barak, I. Critical infrastructure under attack: Lessons from a honeypot. Netw. Secur. 2020, 2020, 16–17. [Google Scholar] [CrossRef]
- Luiijf, E.; Nieuwenhuijs, A.; Klaver, M.; van Eeten, M.; Cruz, E. Empirical Findings on Critical Infrastructure Dependencies in Europe. In Critical Information Infrastructure Security; Setola, R., Geretshuber, S., Eds.; Springer: Berlin/Heidelberg, Germany, 2009; Volume 5508, pp. 326–337. [Google Scholar] [CrossRef]
- Kour, R.; Patwardhan, A.; Thaduri, A.; Karim, R. A review on cybersecurity in railways. Proc. Inst. Mech. Eng. Part F J. Rail Rapid Transit. 2022, 237, 3–20. [Google Scholar] [CrossRef]
- Wisniewski, M.; Gladysz, B.; Ejsmont, K.; Wodecki, A.; Van Erp, T. Industry 4.0 solutions impacts on critical infrastructure safety and protection—A systematic literature review. IEEE Access 2022, 10, 82716–82735. [Google Scholar] [CrossRef]
- Lopez, I.; Aguado, M. Cyber security analysis of the European train control system. IEEE Commun. Mag. 2015, 53, 110–116. [Google Scholar] [CrossRef]
- Yigit, Y.; Ferrag, M.A.; Ghanem, M.C.; Sarker, I.H.; Maglaras, L.A.; Chrysoulas, C.; Moradpoor, N.; Tihanyi, N.; Janicke, H. Generative AI and LLMs for Critical Infrastructure Protection: Evaluation Benchmarks, Agentic AI, Challenges, and Opportunities. Sensors 2025, 25, 1666. [Google Scholar] [CrossRef]
- IBM. Available online: https://securityintelligence.com/news/high-impact-attacks-on-critical-infrastructure-climb-140/ (accessed on 15 July 2025).
- Luo, M.; Tao, C.; Liu, Y.; Chen, S.; Chen, P. An Endogenous Security-Oriented Framework for Cyber Resilience Assessment in Critical Infrastructures. Appl. Sci. 2025, 15, 8342. [Google Scholar] [CrossRef]
- von Briel, F.; Davidsson, P.; Recker, J. Digital Technologies as External Enablers of New Venture Creation in the IT Hardware Sector. Entrep. Theory Pract. 2017, 42, 47–69. [Google Scholar] [CrossRef]
- Gnoni, M.G.; Bragatto, P.A.; Milazzo, M.F.; Setola, R. Integrating IoT technologies for an intelligent safety management in the process industry. Procedia Manuf. 2020, 42, 511–515. [Google Scholar] [CrossRef]
- Lubis, M.; Safitra, M.F.; Fakhrurroja, H.; Muttaqin, A.N. Guarding Our Vital Systems: A Metric for Critical Infrastructure Cyber Resilience. Sensors 2025, 25, 4545. [Google Scholar] [CrossRef]
- Ten, C.-W.; Manimaran, G.; Liu, C.-C. Cybersecurity for Critical Infrastructures: Attack and Defense Modeling. IEEE Trans. Syst. Man Cybern. Part A Syst. Humans 2010, 40, 853–865. [Google Scholar] [CrossRef]
- Kweon, E.; Lee, H.; Chai, S.; Yoo, K. The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence. Inf. Syst. Front. 2021, 23, 361–373. [Google Scholar] [CrossRef]
- He, Y.; Bin, Z.; Xu, X.; Yu, H.; Zhang, Y.; Li, N.; Li, M. Landslide Risk Assessment Along Railway Lines Using Multi-Source Data: A Game Theory-Based Integrated Weighting Approach for Sustainable Infrastructure Planning. Sustainability 2025, 17, 5522. [Google Scholar] [CrossRef]
- Panchal, S.; Shrivastava, A.K. Landslide hazard assessment using analytic hierarchy process (AHP): A case study of National Highway 5 in India. Ain Shams Eng. J. 2022, 13, 101626. [Google Scholar] [CrossRef]
- Abuzwidah, M.; Elawady, A.; Ashour, A.G.; Yilmaz, A.G.; Shanableh, A.; Zeiada, W. Flood Risk Assessment for Sustainable Transportation Planning and Development under Climate Change: A GIS-Based Comparative Analysis of CMIP6 Scenarios. Sustainability 2024, 16, 5939. [Google Scholar] [CrossRef]
- Al-Barqawi, H.; Zayed, T. Infrastructure management: Integrated AHP/ANN model to evaluate municipal water mains’ performance. J. Infrastruct. Syst. 2008, 14, 305–318. [Google Scholar] [CrossRef]
- Piratla, K.R.; Jin, H.; Yazdekhasti, S. A Failure Risk-Based Culvert Renewal Prioritization Framework. Infrastructures 2019, 4, 43. [Google Scholar] [CrossRef]
- Udie, J.; Bhattacharyya, S.; Ozawa-Meida, L. A Conceptual Framework for Vulnerability Assessment of Climate Change Impact on Critical Oil and Gas Infrastructure in the Niger Delta. Climate 2018, 6, 11. [Google Scholar] [CrossRef]
- Saaty, T.L. The analytic hierarchy process (AHP). J. Oper. Res. Soc. 1980, 41, 1073–1076. [Google Scholar]
- Amankwah-Nkyi, K.; Hernandez, S.; Mitra, S.K. Highway-Transportation-Asset Criticality Estimation Leveraging Stakeholder Input Through an Analytical Hierarchy Process (AHP). Sustainability 2025, 17, 5212. [Google Scholar] [CrossRef]
- Jewpanya, P.; Nuangpirom, P.; Nakkiew, W.; Pitjamit, S.; Jaichomphu, P. Optimizing Tourist Destination Selection Using AHP and Fuzzy AHP Based on Individual Preferences for Personalized Tourism. Sustainability 2025, 17, 1116. [Google Scholar] [CrossRef]
- Roth, E.M.; Malsch, N.; Multer, J. Understanding How Train Dispatchers Manage and Control Trains: Results of a Cognitive Task Analysis (No. DOT-VNTSC-FRA-98-3); United States Department of Transportation, Federal Railroad Administration: Washington, DC, USA, 2001. [Google Scholar]
- Heath, C.; Hindmarsh, J.; Luff, P. Interaction in isolation: The dislocated world of the London Underground train driver. Sociology 1999, 33, 555–575. [Google Scholar] [CrossRef]
- Andreasson, R.; Jansson, A.A.; Lindblom, J. The coordination between train traffic controllers and train drivers: A distributed cognition perspective on railway. Cogn. Technol. Work 2019, 21, 417–443. [Google Scholar] [CrossRef]
- Hailes, S. Modern telecommunications systems for train control. In Proceedings of the 11th IET Professional Development Course on Railway Signalling and Control Systems, York, UK, 5–9 June 2006; pp. 185–192. [Google Scholar]
- Andrén, M.; Sanne, J.M.; Linell, P. Striking the balance between formality and informality in safety-critical communication: Train traffic control calls. J. Pragmat. 2010, 42, 220–241. [Google Scholar] [CrossRef]
- Nie, L.; Hansen, I.A. System analysis of train operations and track occupancy at railway stations. Eur. J. Transp. Infrastruct. Res. 2005, 5, 31–54. [Google Scholar] [CrossRef]
- Hartong, M.; Goel, R.; Wijesekera, D. Communications security concerns in communications based train control. WIT Trans. Built Environ. 2006, 88, 1–10. [Google Scholar] [CrossRef]
- Şahin, İ. Railway traffic control and train scheduling based on inter-train conflict management. Transp. Res. Part B Methodol. 1999, 33, 511–534. [Google Scholar] [CrossRef]
- Carey, M.; Crawford, I. Scheduling trains on a network of busy complex stations. Transp. Res. Part B Methodol. 2007, 41, 159–178. [Google Scholar] [CrossRef]
- Farooq, J.; Soler, J. Radio communication for communications-based train control (CBTC): A tutorial and survey. IEEE Commun. Surv. Tutor. 2017, 19, 1377–1402. [Google Scholar] [CrossRef]
- Krasemann, J.T. Design of an effective algorithm for fast response to the re-scheduling of railway traffic during disturbances. Transp. Res. Part C Emerg. Technol. 2012, 20, 62–78. [Google Scholar] [CrossRef]
- Zhang, J.; Liu, H.; Wu, Q.; Jin, Y.; Chen, Y.; Ai, B.; Jin, S.; Cui, T.J. RIS-Aided Next-Generation High-Speed Train Communications: Challenges, Solutions, and Future Directions. IEEE Wirel. Commun. 2022, 28, 145–151. [Google Scholar] [CrossRef]
- Wu, Q.; Cole, C.; Spiryagin, M.; Chang, C.; Wei, W.; Ursulyak, L.; Cantone, L. Freight train air brake models. Int. J. Rail Transp. 2023, 11, 1–49. [Google Scholar] [CrossRef]
- Monsuur, F.; Enoch, M.; Quddus, M.; Meek, S. Modelling the impact of rail delays on passenger satisfaction. Transp. Res. Part A Policy Pract. 2021, 152, 19–35. [Google Scholar] [CrossRef]
- Larue, G.S.; Popovic, V.; Legge, M.; Brophy, C.; Blackman, R. Safe trip: Factors contributing to slip, trip and fall risk at train stations. Appl. Ergon. 2021, 92, 103316. [Google Scholar] [CrossRef] [PubMed]
- Butakova, M.A.; Chernov, A.V.; Shevchuk, P.S.; Vereskun, V.D. Complex event processing for network anomaly detection in digital railway communication services. In Proceedings of the 2017 25th Telecommunication Forum (TELFOR), Belgrade, Serbia, 21–22 November 2017; pp. 1–4. [Google Scholar] [CrossRef]
- Evans, A.W. Fatal train accidents on Europe’s railways: An update to 2019. Accid. Anal. Prev. 2021, 158, 106182. [Google Scholar] [CrossRef]
- Thron, E.; Faily, S.; Dogan, H.; Freer, M. Human factors and cyber-security risks on the railway–the critical role played by signalling operations. Inf. Comput. Secur. 2024, 32, 236–263. [Google Scholar] [CrossRef]
- Yu, P.-D.; Tan, C.W.; Fu, H.-L. Averting cascading failures in networked infrastructures: Poset-constrained graph algorithms. IEEE J. Sel. Top. Signal Process. 2018, 12, 733–748. [Google Scholar] [CrossRef]
n | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
---|---|---|---|---|---|---|---|---|---|---|---|
RI | 0 | 0 | 0.58 | 0.9 | 1.12 | 1.24 | 1.32 | 1.41 | 1.45 | 1.49 | 1.51 |
Intensity of Importance | Extreme importance | — | Very strong importance | — | Strong importance | — | Moderate importance | — | Equal importance | — | Moderate importance | — | Strong importance | — | Very strong importance | — | Extreme importance | Intensity of Importance |
Personnel Risk | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Owner Risk |
Dimension | Critical Influencing Factors | Description |
---|---|---|
Cybersecurity Risk Dimensions of Dispatch Radio Communication Systems | Inability of dispatchers to issue dispatch instructions [31] | Failure to transmit dispatch instructions in a timely manner may compromise operational safety and scheduling efficiency. |
Inability of train crew to communicate with one another [32,33] | When train crew are unable to report abnormal conditions, it may lead to delayed responses, accident escalation, and disruptions to operational safety and order. | |
Failure of the emergency reporting system [34] | The loss of emergency communication capabilities may hinder timely emergency handling and alerts. | |
Inability to record calls, resulting in the loss of critical information [35] | Lack of call recordings may result in the loss of key information, hindering accident investigation and responsibility clarification. |
Dimension | Critical Influencing Factors | Description |
---|---|---|
Cybersecurity Risk Dimensions of CTC Systems | Inability to monitor train occupancy in track sections (locations) [36] | Inability to detect train positions may result in misjudgments, dispatching errors, and compromise both safety and dispatching efficiency. |
Inability of controllers to issue commands to safety control systems [37] | When controllers are unable to operate signaling equipment and track switches, it may cause loss of train control and collisions, threatening operational safety and dispatching. | |
Inability of the dispatching system to automatically track train numbers [38] | Inability to track train numbers automatically may lead to dispatching errors and misjudgment of train positions, affecting operational safety. | |
Inability to automatically record train arrival, departure, or passing times at stations [39] | The lack of automated time records may hinder understanding of train movements, reduce the accuracy of root cause analysis, and impair the effectiveness of transportation planning decisions. |
Dimension | Critical Influencing Factors | Description |
---|---|---|
Cybersecurity Risk Dimensions of ATP Systems | Inability to provide drivers with information on upcoming signals, block status, and train occupancy [40] | Drivers are required to make operational decisions in responsibility mode, as ATP assistance becomes unavailable. |
Inability to determine the speed limit for following trains based on the position of the preceding train [41] | Failure to impose speed restrictions accordingly may lead to rear-end collisions and compromise train safety and dispatch control. | |
Inability to transmit speed restriction information to trains [42] | Failure to convey speed restriction information to trains may result in overspeeding, increasing the risk of accidents and threatening operational safety. | |
Failure to automatically apply brakes when the train exceeds the speed limit [43] | Overspeed without automatic braking may result in block violations or Signals Passed at Danger, posing serious risks to passenger safety and operational stability. |
Dimension | Critical Influencing Factors | Description |
---|---|---|
Cybersecurity Risk Dimensions of Power Systems | Train operation disruptions and delays [44] | Train stoppages en route result in passengers being stranded, which is especially hazardous in tunnels or remote sections. |
Increased passenger Safety risks [45] | Prolonged power outages may cause overheating and oxygen depletion inside the train, which is particularly dangerous during summer. | |
Malfunctions in signal and communication systems [46] | Signal blackouts and track switch failures increase the risk of collisions. | |
Increased risk of catastrophic accidents [47] | Some braking systems rely on electrical power. Failures may result in extended stopping distances or complete braking loss. |
Background Type | Railway Administrative Authority | Railway Operating Organization | Information and Communications Industry |
---|---|---|---|
Number of Experts | 4 | 15 | 6 |
Background Type | Senior Executive | Middle Management/Technical Supervisor | Frontline Manager/ Operations Staff |
---|---|---|---|
Number of Experts | 9 | 8 | 8 |
Background Type | Communication and Information Systems | Railway Dispatch and Transportation Management | System Integration and Professional Management | Electromechanical Engineering |
---|---|---|---|---|
Number of Experts | 8 | 4 | 6 | 7 |
Risk Dimension | Evaluation Criteria | Weight | Rank |
---|---|---|---|
Dispatch Radio Communication System Cybersecurity (0.121) | Inability of dispatchers to issue dispatch instructions (0.403) | 0.049 | 1 |
Inability of train crew to communicate with one another (0.203) | 0.025 | 3 | |
Failure of the emergency reporting system (0.321) | 0.039 | 2 | |
Inability to record calls, resulting in the loss of critical information (0.072) | 0.009 | 4 |
Risk Dimension | Evaluation Criteria | Weight | Rank |
---|---|---|---|
CTC System Cybersecurity (0.399) | Inability to monitor train occupancy in track sections (0.446) | 0.178 | 1 |
Inability of controllers to issue commands to safety control systems (0.310) | 0.124 | 2 | |
Inability of the dispatching system to automatically track train numbers (0.151) | 0.060 | 3 | |
Inability to automatically record train arrival, departure, or passing times at stations (0.093) | 0.037 | 4 |
Risk Dimension | Evaluation Criteria | Weight | Rank |
---|---|---|---|
ATP System Cybersecurity (0.293) | Inability to provide drivers with information on upcoming signals, block status, and train occupancy (0.376) | 0.110 | 1 |
Inability to determine the speed limit for following trains based on the position of the preceding train (0.170) | 0.050 | 3 | |
Inability to transmit speed restriction information to trains (0.119) | 0.035 | 4 | |
Failure to automatically apply brakes when the train exceeds the speed limit (0.335) | 0.098 | 2 |
Risk Dimension | Evaluation Criteria | Weight | Rank |
---|---|---|---|
Power System Cybersecurity (0.186) | Train operation disruptions and delays (0.077) | 0.014 | 4 |
Increased passenger safety risks (0.204) | 0.038 | 3 | |
Malfunctions in signal and communication system (0.288) | 0.054 | 2 | |
Increased risk of catastrophic accidents (0.431) | 0.080 | 1 |
Rank | Description | Weight | Cumulative Value |
---|---|---|---|
1 | Inability to monitor train occupancy in track sections (locations) | 0.178 | 0.178 |
2 | Inability of controllers to issue commands to safety control systems | 0.124 | 0.302 |
3 | Inability to provide drivers with information on upcoming signals, block status, and train occupancy | 0.11 | 0.412 |
4 | Failure to automatically apply brakes when the train exceeds the speed limit | 0.098 | 0.51 |
5 | Increased risk of catastrophic accidents due to power system cybersecurity issues | 0.08 | 0.59 |
6 | Inability of the dispatching system to automatically track train numbers | 0.06 | 0.65 |
7 | Malfunctions in signal and communication systems | 0.054 | 0.704 |
8 | Inability to determine the speed limit for following trains based on the position of the preceding train | 0.05 | 0.754 |
9 | Inability of dispatchers to issue dispatch instructions | 0.049 | 0.803 |
10 | Failure of the emergency reporting system | 0.039 | 0.842 |
11 | Increased passenger safety risks due to power system cybersecurity issues | 0.038 | 0.88 |
12 | Inability to automatically record train arrival, departure, or passing times at stations | 0.037 | 0.917 |
13 | Inability to transmit speed restriction information to trains | 0.035 | 0.952 |
14 | Inability of train crew to communicate with one another | 0.025 | 0.977 |
15 | Train operation disruptions and delays | 0.014 | 0.991 |
16 | Inability to record calls, resulting in the loss of critical information | 0.009 | 1 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Hsiao, L.-S.; Lin, I.-L.; Huang, C.-J.; Liu, H.-T. Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd. Systems 2025, 13, 861. https://doi.org/10.3390/systems13100861
Hsiao L-S, Lin I-L, Huang C-J, Liu H-T. Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd. Systems. 2025; 13(10):861. https://doi.org/10.3390/systems13100861
Chicago/Turabian StyleHsiao, Liang-Sheng, I-Long Lin, Chi-Jan Huang, and Hsiang-Te Liu. 2025. "Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd." Systems 13, no. 10: 861. https://doi.org/10.3390/systems13100861
APA StyleHsiao, L.-S., Lin, I.-L., Huang, C.-J., & Liu, H.-T. (2025). Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd. Systems, 13(10), 861. https://doi.org/10.3390/systems13100861