
BSI PD CLC/TS 50701:2023

$215.11

Railway applications. Cybersecurity

Published by: BSI
Publication date: 2023
Number of pages: 168

This document provides railway operators, system integrators and product suppliers with guidance and specifications on how cybersecurity is to be managed in the context of the EN 50126-1 RAMS lifecycle process. Its aim is a consistent approach to managing the security of railway systems. It can also be applied to the security assurance of systems and components/equipment developed independently of EN 50126-1:2017.

The document applies to the Communications, Signalling and Processing domain, to the Rolling Stock domain and to the Fixed Installations domain. It provides references to models and concepts from which requirements and recommendations can be derived, suitable for ensuring that the residual risk from security threats is identified, supervised and managed to a level acceptable to the railway system duty holder. It presents the underlying security assumptions in a structured manner.

The document does not address functional safety requirements for railway systems; it addresses the additional requirements that arise from threats and the related security vulnerabilities, for which specific measures and activities need to be taken and managed throughout the lifecycle. The intent is to ensure that the RAMS characteristics of railway systems, subsystems and equipment cannot be reduced, lost or compromised in the case of cyber attacks.

The security models, the concepts and the risk assessment process described in this document are based on or derived from the IEC/EN IEC 62443 series. The document is consistent with the security management requirements contained in IEC 62443-2-1, which in turn are based on EN ISO/IEC 27001 and EN ISO/IEC 27002.

Contents

1 Scope
2 Normative references
3 Terms, definitions and abbreviations
  3.1 Terms and definitions
  3.2 Abbreviations
4 Railway system overview
  4.1 Introduction
  4.2 Railway asset model
  4.3 Railway physical architecture model
  4.4 High-level railway zone model
5 Cybersecurity within a railway application lifecycle
  5.1 Introduction
  5.2 Railway application and product lifecycles
  5.3 Activities, synchronization, and deliverables
  5.4 Cybersecurity context and cybersecurity management plan
  5.5 Relationship between cybersecurity and essential functions
    5.5.1 General
    5.5.2 Defence in depth
    5.5.3 Security-related application conditions
    5.5.4 Interfaces between cybersecurity and design team
    5.5.5 Interfaces between the safety and the cybersecurity processes
      5.5.5.1 Principles
      5.5.5.2 Possible implementation through high level cybersecurity objectives
  5.6 Cybersecurity assurance process
6 System definition and initial risk assessment
  6.1 Introduction
  6.2 Identification of the system under consideration
    6.2.1 Definition of the SuC
    6.2.2 Overall functional description
    6.2.3 Access to the SuC
    6.2.4 Essential functions
    6.2.5 Assets supporting the essential functions
    6.2.6 Threat landscape
  6.3 Initial risk assessment
    6.3.1 Impact assessment
    6.3.2 Likelihood assessment
    6.3.3 Risk evaluation
  6.4 Partitioning of the SuC
    6.4.1 Criteria for zones and conduits breakdown
    6.4.2 Process for zones and conduits breakdown
  6.5 Output and documentation
    6.5.1 Description of the system under consideration
    6.5.2 Documentation of the initial risk assessment
    6.5.3 Definition of zones and conduits
7 Detailed risk assessment
  7.1 General aspects
  7.2 Establishment of cybersecurity requirements
    7.2.1 General
    7.2.2 Threat identification and vulnerability identification
      7.2.2.1 Overview
      7.2.2.2 Objectives
      7.2.2.3 Activities / requirement or recommendation
      7.2.2.4 Deliverables
    7.2.3 Vulnerability identification
      7.2.3.1 Overview
      7.2.3.2 Objectives
      7.2.3.3 Activities / requirement or recommendation
      7.2.3.4 Deliverables
    7.2.4 Risk acceptance principles
      7.2.4.1 General
      7.2.4.2 Application of codes of practice
      7.2.4.3 Reference systems
      7.2.4.4 Deliverables
    7.2.5 Derivation of SL-T by explicit risk evaluation
    7.2.6 Determine initial SL
      7.2.6.1 Overview
      7.2.6.2 Objectives
      7.2.6.3 Activities / requirement or recommendation
      7.2.6.4 Deliverables
    7.2.7 Determine countermeasures from EN IEC 62443-3-3
      7.2.7.1 Overview
      7.2.7.2 Objectives
      7.2.7.3 Activities / requirement or recommendation
      7.2.7.4 Deliverables
    7.2.8 Risk estimation and evaluation
      7.2.8.1 Overview
      7.2.8.2 Objectives
      7.2.8.3 Activities / requirement or recommendation
      7.2.8.4 Deliverables
    7.2.9 Determine security level target
      7.2.9.1 Overview
      7.2.9.2 Objectives
      7.2.9.3 Activities / requirement or recommendation
      7.2.9.4 Deliverables
    7.2.10 Cybersecurity requirements specification for zones and conduits
8 Cybersecurity requirements
  8.1 Objectives
  8.2 System security requirements
  8.3 Apportionment of cybersecurity requirements
    8.3.1 Objectives
    8.3.2 Breakdown of system requirements to subsystem level
    8.3.3 System requirement allocation at component level
    8.3.4 Specific consideration for implementation of cybersecurity requirement on components
    8.3.5 Requirement breakdown structure as verification
    8.3.6 Compensating countermeasures
9 Cybersecurity assurance and system acceptance for operation
  9.1 Overview
  9.2 Cybersecurity case
  9.3 Cybersecurity verification
    9.3.1 General
    9.3.2 Cybersecurity integration and verification
    9.3.3 Assessment of results
  9.4 Cybersecurity validation
  9.5 Cybersecurity system acceptance
    9.5.1 Independence
    9.5.2 Objectives
    9.5.3 Activities
    9.5.4 Cybersecurity handover
10 Operational, maintenance and disposal requirements
  10.1 Introduction
  10.2 Vulnerability management
  10.3 Security patch management
    10.3.1 General
    10.3.2 Patching systems while ensuring operational requirements
Annex A (informative) Handling conduits
  A.1 Introduction
  A.2 Requirements for conduits in EN IEC 62443
  A.3 Protection profiles for conduits
Annex B (informative) Handling legacy systems
  B.1 Introduction
  B.2 Basic security risks
    B.2.1 Denial of service attacks and vulnerability exploits
    B.2.2 Impersonation attack
  B.3 Basic process activities
    B.3.1 General
    B.3.2 Zoning
    B.3.3 Defence in depth
    B.3.4 Basic risk analysis
    B.3.5 (Re-)Commissioning
    B.3.6 Site acceptance test (SAT)
    B.3.7 Operation
    B.3.8 Training of personnel
    B.3.9 Asset inventory
  B.4 Basic security countermeasures
    B.4.1 General
    B.4.2 Protect installation
    B.4.3 Regular inspection of installation
    B.4.4 Closed network / perimeter protection
    B.4.5 Network segmentation / restricted data flow
    B.4.6 Network management system
    B.4.7 Intrusion detection / SIEM
    B.4.8 Virtual private networks (VPN)
    B.4.9 Redundant communication
    B.4.10 Security gateway
    B.4.11 Handling mobile devices
Annex C (informative) Cybersecurity design principles
  C.1 Introduction
  C.2 Secure the weakest link
  C.3 Defence-in-depth
  C.4 Fail secure
  C.5 Grant least privilege
  C.6 Economize mechanism
  C.7 Authenticate requests
  C.8 Control access
  C.9 Assume secrets not safe
  C.10 Make security usable
  C.11 Promote privacy
  C.12 Audit and monitor
  C.13 Proportionality principle
  C.14 Precautionary principle
  C.15 Continuous protection
  C.16 Secure metadata
  C.17 Secure defaults
  C.18 Trusted components
Annex D (informative) Safety and security
  D.1 Introduction
  D.2 The differences between safety and security
  D.3 Security from a safety perspective
  D.4 Co-engineering of safety and security
  D.5 Quantification of security
  D.6 The relationship between safety integrity levels and security levels
  D.7 Responsibility for security
Annex E (informative) Risk acceptance methods
  E.1 Introduction
  E.2 Example based on EN 50126-1
    E.2.1 Introduction
    E.2.2 Impact assessment
    E.2.3 Likelihood assessment
    E.2.4 Risk acceptance
    E.2.5 Justification
  E.3 Example method – system integrator
    E.3.1 Introduction
    E.3.2 Impact assessment
    E.3.3 Likelihood assessment
    E.3.4 Risk acceptance
    E.3.5 Justification
  E.4 Example method – infrastructure manager
    E.4.1 Introduction
    E.4.2 Impact assessment
    E.4.3 Likelihood assessment
    E.4.4 Risk acceptance
    E.4.5 Justification
Annex F (informative) Railway architecture and zoning
  F.1 Glossary to railway system overview
  F.2 Zoning examples
    F.2.1 Introduction
    F.2.2 Landside (fixed installations and signalling)
      F.2.2.1 Zone criticality
      F.2.2.2 Zoning and segmentation
      F.2.2.3 Communication rules
    F.2.3 Rolling stock
      F.2.3.1 Zone criticality, zoning and segmentation
      F.2.3.2 Zone criticality and communication matrix in the rolling stock domain
      F.2.3.3 Communication rules
    F.2.4 Communication rules between rolling stock and landside
      F.2.4.1 Rolling stock and landside mapping table
      F.2.4.2 General rules
      F.2.4.3 Rules for business IT
      F.2.4.4 Rules for operational technology (OT)
Annex G (informative) Cybersecurity deliverables content
  G.1 Introduction
  G.2 Cybersecurity management plan
  G.3 Cybersecurity case