Railway applications - Cybersecurity
Number of Standard: CLC/TS 50701:2023
The CLC/TS 50701:2023 standard deals with railway applications and their cyber security. The objective of this standard is to provide guidelines and recommendations for the protection of information technology in railway systems against possible cyber threats. The CLC/TS 50701 standard contains several key aspects related to cyber security in railway applications:
1. Identification of threats and risks: The standard defines processes for the identification, assessment and management of cyber threats and risks in railway applications. This includes identifying potential vulnerabilities and possible attacks, as well as assessing their impact on operations and security.
2. Protection of critical functions: The standard proposes measures for the protection of critical functions in railway applications. This includes technical measures such as data encryption, user authentication, access rights management and network monitoring.
3. Incident management: The standard defines procedures for managing cyber incidents in railway applications. This includes incident reporting, investigation and analysis, and taking appropriate action to minimize harm.
4. Safe development processes: The standard recommends the implementation of safe development processes for railway applications. This includes risk analysis, test.
CLC/TS 50701 Railway applications - Cybersecurity
This document provides railway operators, system integrators and product suppliers with guidance and specifications on how cybersecurity will be managed in the context of the EN 50126-1 RAMS lifecycle process. This document aims at the implementation of a consistent approach to the management of the security of the railway systems. This document can also be applied to the security assurance of systems and components/equipment developed independently of EN 50126. This document applies to the Communications, Signalling and Processing domain, and to the Rolling Stock and Fixed Installations domains. It provides references to models and concepts from which requirements and recommendations can be derived and that are suitable to ensure that the residual risk from security threats is identified, supervised and managed to an acceptable level by the railway system duty holder. It presents the underlying security assumptions in a structured manner. This document does not address functional safety requirements for railway systems but rather additional requirements arising from threats and related security vulnerabilities and for which specific measures and activities need to be taken and managed throughout the lifecycle. The aim of this technical specification is to ensure that the RAMS characteristics of railway systems / subsystems / equipment cannot be reduced, lost or compromised in the case of intentional attacks. The security models, the concepts and the risk assessment process described in this document are based on or derived from the IEC 62443 series of standards. In particular, this document is consistent with the application of the security management requirements contained within IEC 62443-2-1, which are based on EN ISO 27001 and EN ISO 27002.
IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems
Railway Applications - The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 1: Generic RAMS Process