IT-Security in Railway Signalling Systems

Christian Schlehuber, Erik Tews, Stefan Katzenbeisser

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

Control and safety systems play a central role in the safe operation of trains in European rail networks since a long time. Up to now, they have primarily been designed according to safety considerations. Nevertheless, due to the emerging use of commercial off-the-shelf hardware and software components as well as the use of open communication infrastructures such as the Internet, IT security plays an ever increasing role in this critical infrastructure. In this area only few applicable IT security standards have been proposed. Lately the IEC 62443 standard has been established, which addresses industrial automation systems in general, but lacks important elements for the transportation sector.

In this paper we describe the current draft of a VDE standard for IT security in railway signalling applications, which is currently under review and introduces a thorough security engineering process for secure railway signalling. The standard builds on the IEC 62443 and addresses key requirements stemming from the railway domain. The novel security engineering process covers all phases of the system lifecycle, starting with requirements and risk analysis, a design phase, and finally covers implementation, validation and maintenance of the system as well as secure decommissioning.
Original languageEnglish
Title of host publicationISSE 2014 Securing Electronic Business Processes
Subtitle of host publicationHighlights of the Information Security Solutions Europe 2014 Conference
EditorsHelmut Reimer, Norbert Pohlmann, Wolfgang Schneider
PublisherSpringer
Pages56-64
Number of pages9
ISBN (Electronic)978-3-658-06708-3
ISBN (Print)978-3-658-06707-6
DOIs
Publication statusPublished - 2014
Externally publishedYes
EventInformation Security Solutions Europe Conference, ISSE 2014 - Brussels, Belgium
Duration: 14 Oct 201415 Oct 2014

Conference

ConferenceInformation Security Solutions Europe Conference, ISSE 2014
Abbreviated titleISSE
CountryBelgium
CityBrussels
Period14/10/1415/10/14

Fingerprint

Dive into the research topics of 'IT-Security in Railway Signalling Systems'. Together they form a unique fingerprint.

Cite this