DIN VDE V 0831-105; VDE V 0831-105:2024-12
Electric signalling systems for railways - Part 105: Risk-based assessment and handling of IT-security vulnerabilities and incidents
Elektrische Bahn-Signalanlagen - Teil 105: Risikobasierte Bewertung und Behandlung von IT-Sicherheits-Schwachstellen und -Vorfällen
Procedure
VN
Overview
This document is applicable to safety-related electrical, electronic and programmable electronic (E/E/PES) systems, including subsystems and equipment, for electrical railway signalling systems. It describes activities and methods with the aim of specifying a procedure for handling IT security vulnerabilities and incidents. Risk-based statements on implementation times for measures are also specified for this purpose. This document is applicable to the assessment and handling of risks arising from IT security threats as a result of security gaps. Only the basic steps are explained here; the details shall be regulated in the applicable guidelines and processes of the operator/manufacturer. There are no regional or international standards for the scope of application of this document.

This document does not address vulnerabilities in functional security or physical access. It also does not address vulnerabilities caused solely by the expiry of time-limited documents that were the basis for bringing the system into operation. Suitable processes for the timely extension or renewal of these bases are to be defined elsewhere.

Typical examples of application include the establishment of security lifecycle management (SLCM) and the implementation of vulnerability management.