The Ethernet Switch & Cybersecurity

Cybersecurity in Public Transport just a Hype?

We are not there yet, but getting close: the term cybersecurity is starting to turn into a hype in the public transport industry, following buzzwords like smart, artificial intelligence, IoT and Industry 4.0.

It is indisputably right to take care of the issues of data protection, data integrity and service availability and to develop mechanisms to keep unauthorized persons out. To do this, the first step is to analyze the risk, scenarios and motivation of a cyber attack, as well as potential vulnerabilities. From this, measures and rules are derived, the effectiveness of which depends on how they are implemented in the system architecture and integration, but also in daily operations.

The vulnerability in IT is not the hardware component itself.

The vulnerability in IT is not the hardware component itself. An example that illustrates this is the cyberattack on Uber in September 2022, where the compromise was through a valid user account and an employee’s credentials.

Consequently, a question such as “Does the Ethernet switch contribute to cybersecurity?” is not as accurate. As can be easily seen, cybersecurity is not a feature of a single component. This is true even if a device meets the requirements of IEC 62443 or if the manufacturer can provide a certificate for a component according to IEC 62443-4-2 or ISO 21343.

A component alone cannot guarantee sufficient protection. In any case, it is questionable whether the aforementioned standards apply to systems for passenger information and passenger counting, validators or video surveillance in public transport. However, the hype surrounding the term cybersecurity is driving market participants to bluntly consume these standards.

>> Read also: Cyber Security in Public Transport Networks

It All Comes Down to Technology

There is no way around a system architect evaluating the components technically. This is the only way to define effective protective measures. The analysis takes place top-down – from the application and system layer to the component level. For components, it is important to evaluate from a technical perspective to what extent they represent a vulnerability for the envisaged attack scenario and how they can contribute to cyber protection with their functions.

No one can explain the technical know-how about the component and its technology better than the manufacturer itself. Therefore, cyber protection managers should always approach component manufacturers first with this one question: “How does the device work?”

With this article, we explore that very question and explain the basic architecture of an Ethernet switch. We look at the Ethernet switch as a standalone device that establishes layer 2 communications on the local IP network, as is typically the case on a transit bus or tram.

The Architecture of an Ethernet Switch

Primary function

The Ethernet switch represents a node in a local area network (LAN). Its primary function is to connect IP devices to a network at the physical layer (Layer 1) and to allow addressing of each IP device at the logical layer (Layer 2).

Switching Engine

The core is the switching engine. It contains a queue control unit as well as incoming (ingress) and outgoing (egress) buffers. The actual data propagation is done completely in the hardware. This allows data switching with very low latency (µs range).

Addressing

Addressing in a layer 2 switch is based on MAC addresses. Each IP device has a globally unique MAC address (e.g. FC:FA:B7:01:02:03). Communication takes place in data packets (frames). Each data packet contains a destination MAC address (DA) and a source MAC address (SA). Based on DA, the queue control unit decides to which port the incoming data packet is routed. The addresses are stored in a MAC table for this purpose. The MAC table is updated automatically by the queue control unit by mapping port to source MAC address (SA).

Policy

A Managed Ethernet Switch offers the possibility to make settings (policy) for incoming or outgoing buffers. The policy setting also allows the use of filters that are used for conditional forwarding or further processing of packets. This enables support for VLAN and Spanning Tree (STP/RSTP) or DHCP options.

The policy is set by means of a control interface. This is usually the management interface. This setting is usually referred to as the configuration of the switch. The management services are software programs that run in an embedded operating system (management OS).

Administration

Typically, a managed Ethernet switch provides at least two interfaces for administration: a local service port, which is not network-capable and is often a USB or serial port; and a network-capable protocol that provides access to management services over the network. To the outside world, this interface behaves like an ordinary node and is addressable via IP on the network. A special port is provided in the switching engine for this purpose, the internal management port.

The management port can handle both ordinary packets and management frames. The management frames are tagged as such and are always routed from the queue control to the management port. There the logic, i.e. the software or service, decides how these frames are processed. These services are accessible in the network via an IP address and belong to layers 4-7. Whoever has access to the management services also has control over the device.

The Ethernet Switch is No Firewall

A layer 2 Ethernet switch mediates the data of the nodes without analyzing the frame content or the actual user data. As can be easily seen in the architecture diagram, the switching takes place exclusively on a hardware level in a so-called ASIC (Application Specific Integrated Circuit).

Due to its performance power, the management software in the layer 2 Ethernet switch cannot simultaneously process the Ethernet frames to be transmitted between the nodes at the necessary speed to produce a useful application. The throughput of the data switching is drastically limited as soon as the management software intervenes in the packet processing. For this reason, packet inspection in the layer 2 Ethernet switch is not useful. This also applies to layer 3 (IPsec) encryption and any software-based firewall mechanisms.

Software Update and Security

During a software update of a layer 2 Ethernet switch, the management software is renewed. As a rule, the entire image is replaced. Embedding third-party services in the image is hardly practicable from the outside; services can only be installed by the manufacturer. Updates of ASIC functions are technically not possible in this context.

Conclusion: What Does the Ethernet Switch Have to Do with Cybersecurity in the Network?

The technical features of an Ethernet switch speak for themselves: A layer 2 switch uses MAC addresses to transmit data; managed switches also offer services at higher layers. The switch is not built for packet inspection and therefore cannot take over firewall tasks. At the software level, updates do not pose any risks because the entire image is replaced in a controlled manner. When it comes to cybersecurity in the IP network, attention should be paid first and foremost to the system and secondly to possible attack motives and scenarios. Only then can individual network components be considered and examined.