Knowledge Base
Contact
Us Topic
Lists Search
Home
Home
Rail Industry News
Rail Industry News
IRSE notices
IRSE notices
IRSE events
IRSE events
IRSE News Journal
SELECT:
IRSE News - all available issues
 IRSE News - latest issue
IRSE News - 2023 issues
IRSE News - 2024 issues
Recent technical articles in IRSE News
IRSE videos
IRSE videos
Presidential Programme papers
SELECT:
Presidential Programme Papers 2023-2024
Failing safe - mindset matters (2023)
Global Integration - Presidential Address by Steve Boshier (2023)
Key requirements for the effective, safe and ethical use of Artificial Intelligence (AI) (2023)
Managing competencies across Australia and New Zealand - training and management of signalling ...
Remote monitoring of level crossings (2023)
Signalling globalisation from a New Zealand perspective (2024)
International Tech Committee papers
International Tech Committee papers
Learning resources
SELECT:
BACK TO BASICS articles on railway signalling and telecoms
Fundamental Requirements for Train Control Systems
More learning resources
Reading List for the IRSE Certificate in Railway Control Engineering Fundamentals
Signalling around the world
Terminology, definitions and acronyms
More...
SELECT:
Contact us
IRSE 10 short videos
IRSE Annual Report 2023
IRSE book store
IRSE Conferences and Seminars - past papers
IRSE membership
IRSE website (homepage)
Open Railway maps (external website)
Topics recently added to the Knowledge Base
Your favourites list is empty
Add this Topic to your list
Quick links:
A REMINDER ABOUT COOKIES: This Application places cookies on your computer, and by using it you are consenting to the use of cookies. The cookies are used solely for ensuring that you can access information that you are entitled to see. Click HERE to remove all this Application's cookies from your device (the Application will close). This message will be removed if you refresh this page or move to any other page.
Cybersecurity in railway signalling systems (2017)

This paper was written by/on behalf of the IRSE's International Technical Committee (ITC). It was published in IRSE NEWS September 2017.

Railway signalling systems cannot be considered as self-contained any longer and new kinds of threats have to be considered and taken care of, related to the fact that the railway signalling systems are more and more
wide-spread, highly integrated and communication-based. Based on these core aspects, additional vulnerabilities have to be considered related to aspects as increasing integration with non-signalling subsystems and aging technology in legacy systems which have been put into operation long before the current threat level has evolved.

All these so-called “cyber threats” are requiring new measures and efforts in order to ensure the integrity and safety of the railway system – and they cannot be considered to be taken by one of the business partners alone. In the scope of this article, security and safety are referred to based on the following definitions:

  • Security: Comprises all measures that are taken to protect a place or an item against espionage or sabotage, crime, attack or escape, or to ensure that only people with permission enter or leave it.
  • Safety: Comprises all measures that are taken to ensure that travel and traffic on rail is being performed without accidents causing injuries or fatalities.

Within a railway command and control system the approach to cybersecurity has to be a system-oriented activity, as part of the overall ‘system engineering’ approach and covering the whole life-span of the system. Considering only single products will not be sufficient. Products and subsystems will have to be hardened
for security nonetheless.

The architecture has to incorporate measures and capabilities to implement security, thus the rail control system needs to be implemented according to a security architecture which is aligned with the safety architecture and overall architecture: “cybersecure by design” is one indispensable prerequisite to achieve security of the whole system. In addition, process and social aspects need to be covered in order to ensure secure operation, maintenance and use of the system throughout its lifecycle.

The paper looks at the standards for cybersecurity, the legislative frameworks, and the key principles for good cyber-security, adopting a whole-life approach.

Following a comprehensive scheme based on the NIST approach and supporting signalling system network standardisation initiatives can help the different actors to align their views and approaches to cybersecurity in order to collaborate effectively.

Author(s):Norbert Howe, on behalf of the IRSE's International Technical Committee (ITC)
Keywords:cyber-security;cyber security;security;lifecycle;life-cycle;
Categorisation:
(Click to copy the Topic URL to the clipboard) Page created: 01/09/2017
Last modified: 18/08/2021
Click here to remove all this Application's cookies from your device.
Links and references: