Transformation of Cyber Security/Safety Assurance

Conference paper

Abstract: In the past decade, rapid digitalisation of railway assets, including signalling and rolling stock, has occurred in parallel with a rising cyber security threat to critical national infrastructure. Rail safety requirements remain stringent, and long-established standards exist for delivering safe, high-integrity, complex digital systems. Security standards are emerging that apply some of the same design and assurance principles as these safety standards, but they do not do so in a way that is integrated with the safety discipline. Two fundamental challenges are emerging. The first is that safety design requirements and security design requirements have parallel principles and constraints concerning the segregation and partitioning of systems and networks, yet no proven good practice exists for meeting both sets of requirements in an integrated way for any given asset. The second is that the verification and validation lifecycle used in functional safety standards and in emerging cyber security design standards is idealised: it assumes a top-down cascade of requirements for each delivery project, and meeting that assumption in practice is becoming increasingly difficult. This paper sets out these challenges in order to inform the subsequent research, standardisation and industry activity needed to address them.
TNO Identifier: 970727

Source title: Reshaping our railways post-pandemic: Research with an impact, 6-10 June, Birmingham, United Kingdom