DIN CLC/TS 50701; VDE V 0115-701:2024-07
Railway applications - Cybersecurity; German version CLC/TS 50701:2023
Bahnanwendungen - Cybersecurity; Deutsche Fassung CLC/TS 50701:2023
Procedure
VN
Overview
This document provides railway operators, system integrators and product suppliers with guidance and specifications on how cybersecurity will be managed in the context of the EN 50126-1 RAMS lifecycle process. This document aims at the implementation of a consistent approach to the management of the security of railway systems. This document can also be applied to the security assurance of systems and components/equipment developed independently of EN 50126-1:2017. This document applies to the Communications, Signalling and Processing domain and to the Rolling Stock and Fixed Installations domains. It provides references to models and concepts from which requirements and recommendations can be derived and that are suitable to ensure that the residual risk from security threats is identified, supervised and managed to an acceptable level by the railway system duty holder. It presents the underlying security assumptions in a structured manner. The aim of this document is to ensure that the RAMS characteristics of railway systems / subsystems / equipment cannot be reduced, lost or compromised in the case of cyberattacks. The security models, the concepts and the risk assessment process described in this document are based on or derived from the IEC/EN IEC 62443 series. This document is consistent with the application of security management requirements contained within IEC 62443-2-1, which in turn are based on EN ISO/IEC 27001 and EN ISO 27002. This document does not address functional safety requirements for railway systems but rather additional requirements arising from threats and related security vulnerabilities, for which specific measures and activities need to be taken and managed throughout the lifecycle.
The standard differs from DIN CLC/TS 50701 (VDE V 0115-701):2023-04 as follows:
a) 3.1: expansion or update of the definition of the following terms: air gap network, attack vector, availability, set of rules, cybersecurity evidence, data diode, host, host device, intrusion, authorization, railway operator, IT security facility, IT security event, IT security objective, SCADA system, validation, virtual routing and forwarding;
b) 4.4: update of the legend for Figure 4;
c) 5.3: update of the content of Table 1;
d) 5.5.4: recommendation added: conduct of joint design reviews by the cybersecurity and design teams;
e) 5.5.5: Figure 6 added;
f) 6.2.6: MITRE ATT&CK for ICS added as an example of a threat library;
g) 7.2.3.1: Note added: vulnerabilities are not always found in hardware or software, but can also be found in configuration, organization, and processes;
h) 7.2.4.2: requirement added: proof of the applicability of the rules shall be provided;
i) 7.2.4.3: requirement added: proof of the applicability of the reference system shall be provided;
j) 8.2: update of the reference to SR 1.4;
k) B.4.6: recommendation added: passive network monitoring is recommended, as active network monitoring can impair the availability of the OT network.

Due to increasing digitalization and driven by increased demand for performance and better maintainability, previously separate industrial systems are now connected to large network architectures. Standardized protocols and commercial components are also increasingly used. In view of this development, cybersecurity is becoming a key issue for these industrial systems, which also include critical systems such as railway systems.
The purpose of this document is to provide a specification that can be used to demonstrate that the system under consideration has an appropriate level of cybersecurity, has defined and achieved appropriate security levels, and that cybersecurity is maintained during operation and maintenance by demonstrating compliance with this technical specification.