Guidelines for Cyber-Security in Railways
The UIC ARGUS WG decided to produce an enforced document in order to provide specific guidance to the ‘Railway’. This guidance document is designed to support the rail industry in reducing its vulnerability to cyber-attack and to be able to ensure availability, integrity, confidentiality of Railway system and data during all the life of the network.
This document has a particular, but not exclusive, focus on signaling and telecommunication within railway and will take account of the “system design”, describe how to evaluate the security needs through ISO27001 and using best practices applied in others industries, as aeronautics, nuclear power energy and military.
ISO27001 is an information security standard, describes controls that an organization needs to implement to ensure that it managing these risks. Information Security Management always associates to the implementation of an Information Security Management Systems (ISMS), in order to secure business (here Railway) information and to maintain the information environment.
To implement this Standard, the reader is considered to be proficient in security architecture methodologies and familiar with the normative references in this Standard. Organizations which adapt the general approach of management information security obtain an advantage due to the fact that (ISMS) assure the reliability of an organization’s information security arrangement by other organizations. The main benefits are the avoidance of unavailability of signaling systems, as well as prevent actions contrary to safety.
The explosive development of the networking technologies oblige the railways to apply more and more in signaling the open networks including parts of the public networks. This context introduces new opportunities but also risks. The availability of the networks, in particular if it is common with other open systems could be critical for preservation of performance and especially for safety.
It is essential that we continue to deliver safe, reliable, and efficient railway services as we face ever evolving cyber threats. As the inevitable digitization of the railway progresses we must act together, now, to protect our railway cyberspace.
|Author||UIC - Rail System Department|
- Ed. no.1
- Edition date
- Publication date
- Page number
- Infrastructure Security Safety Signalling Technology Information technology Informatique Infrastructure Sécurité Technique Sûreté Signalisation
- Paper size
- 21 x 29,7cm