The Fifth International Conference on Railway Technology: Research, Development and Maintenance is being held in Montpellier, France from the 22nd to the 25th of August. Digital Transit have submitted a paper for this conference titled “Railway Cyber Security and TS50701”. The paper was written by Dr Howard J. Parkinson (DTL), Daniel Basher (DTL) and Gary Bamford (Arnmore Limited).
The themes for this conference will include (but are not limited to):
- Rolling Stock
- Infrastructure
- Energy and Environment
- Signalling and Communication
- Operations
- Strategies and Economics
- Emerging Technologies
Digital Transit focused on the field of Cyber Security in the paper, specifically looking at the operational technology cyber security (OTCS) of rail systems, and how they are lagging behind other industries such as aviation. For the short paper, standards, guidance and research papers including the new CENELEC technical specification TS50701 were reviewed. Gaps in the coverage of this literature were identified, as well as further work that needs to be done to ensure the railway becomes more cyber secure in the future.
Some of the key findings of the paper included:
- The IEC 62443 family of standards and guidance provides comprehensive guidance on securing control systems and are applicable internationally. However, the railway has many unique features that require specialised requirements, specifically the distributed nature and the complicated ownership model that the railway employs, that IEC 62443 does not consider. TS50701 now fills this gap in coverage.
- There was no evidence that the research sufficiently identifies the consequences of cyber-attacks for use in a risk assessment. In comparison safety risk assessments have access to clearer consequences for accidents [7]
- To help improve TS50701, further case studies are required on its application. It needs further work before it becomes an Euronorm.
Image from: https://www.cencenelec.eu/news-and-events/
