DURING the development of its UniAC axle counting system they included other cybersecurity measures such as authentication, authorisation, integrity, and cryptography to address the identified vulnerabilities and threats in the UniAC.

This has been achieved by incorporating:

  • security by design, which was implemented based on extensive separation of safety and security functions
  • reduced attack surface, through minimising the physical and functional interfaces that can be accessed and exposed to potential attack - with dominant use of embedded firmware and legacy hardware, UniAC is flexible with network segmentation and access control, and
  • defence through depth, with multi-layered security mechanisms for security and detection; the system implements good security practices in Layer 2 (hardware) and Layer 7 (application software), along with Layer 3 protection (firewall), allowing the separation of connected networks.

Most security related tasks are supported by embedding dedicated hardware such as crypto authentication modules and communication processors. Hardware crypto functions on every AXM module are responsible for counting, evaluation and communication, and MAGSAC boards, which control power supply, basic diagnostics, and communication between the modules and external systems.