Abstract
Control and safety systems play a central role in the safe operation of trains in European rail networks since a long time. Up to now, they have primarily been designed according to safety considerations. Nevertheless, due to the emerging use of commercial off-the-shelf hardware and software components as well as the use of open communication infrastructures such as the Internet, IT security plays an ever increasing role in this critical infrastructure. In this area only few applicable IT security standards have been proposed. Lately the IEC 62443 standard has been established, which addresses industrial automation systems in general, but lacks important elements for the transportation sector.
In this paper we describe the current draft of a VDE standard for IT security in railway signalling applications, which is currently under review and introduces a thorough security engineering process for secure railway signalling. The standard builds on the IEC 62443 and addresses key requirements stemming from the railway domain. The novel security engineering process covers all phases of the system lifecycle, starting with requirements and risk analysis, a design phase, and finally covers implementation, validation and maintenance of the system as well as secure decommissioning.
In this paper we describe the current draft of a VDE standard for IT security in railway signalling applications, which is currently under review and introduces a thorough security engineering process for secure railway signalling. The standard builds on the IEC 62443 and addresses key requirements stemming from the railway domain. The novel security engineering process covers all phases of the system lifecycle, starting with requirements and risk analysis, a design phase, and finally covers implementation, validation and maintenance of the system as well as secure decommissioning.
| Original language | English |
|---|---|
| Title of host publication | ISSE 2014 Securing Electronic Business Processes |
| Subtitle of host publication | Highlights of the Information Security Solutions Europe 2014 Conference |
| Editors | Helmut Reimer, Norbert Pohlmann, Wolfgang Schneider |
| Publisher | Springer |
| Pages | 56-64 |
| Number of pages | 9 |
| ISBN (Electronic) | 978-3-658-06708-3 |
| ISBN (Print) | 978-3-658-06707-6 |
| DOIs | |
| Publication status | Published - 2014 |
| Externally published | Yes |
| Event | Information Security Solutions Europe Conference, ISSE 2014 - Brussels, Belgium Duration: 14 Oct 2014 → 15 Oct 2014 |
Conference
| Conference | Information Security Solutions Europe Conference, ISSE 2014 |
|---|---|
| Abbreviated title | ISSE |
| Country | Belgium |
| City | Brussels |
| Period | 14/10/14 → 15/10/14 |