Standards Development

Scope

This document provides a consistent approach to the management of the cybersecurity of the railway systems. It applies to all domains within the scope of IEC TC 9.

This document maps and adapts IEC 62443 series standards requirements to the railway application domain and operational environment and details how the requirements are applied in that context. It provides guidance on how the security process can be interfaced with the generic reliability, availability, maintainability and safety (RAMS) life cycle of the IEC 62278 series standards. By doing so, it defines synchronisation points between stakeholders and proposes responsibilities. It presents the underlying security assumptions in a structured manner and the criteria for application to other lifecycles is also provided.

This document is consistent with the application of security management requirements set out in IEC 62443‑2‑1:2010. It provides security models, security concepts and risk assessment process based on the IEC 62443 series standards and describes the typical expected content for cybersecurity deliverables. This ensures that the residual risks from security threats are identified, supervised and managed to a level that is acceptable to the railway undertaking and/or infrastructure manager.

This document aims to provide support and guidance to ensure a proper protection of the key stakes (such as safety, operation, financial, reputation, regulatory, social) of a railway SuC against cyber-attacks and unintended consequences of configuration or maintenance activities.

This document also provides guidance on the cybersecurity assurance of SuCs during build phase and provides recommendations for security management during operation and maintenance phases.

Finally, this document does not provide any safety requirements nor constraints on safety case for railway systems but provides guidance for relationship between cybersecurity and safety.