Towards an IT Security Risk Assessment Framework for Railway Automation
Jens Braband
TL;DR
This paper proposes a comprehensive IT security risk assessment framework for railway automation, integrating safety standards with IT security requirements to address increasing vulnerabilities in critical infrastructure systems.
Contribution
It introduces a novel framework that combines safety and security standards, specifically IEC 62425 and IEC 62443, for assessing risks in railway automation systems.
Findings
Framework effectively separates security and safety requirements.
Applicable to other safety-critical domains.
Addresses rising IT vulnerabilities in railway systems.
Abstract
Some recent incidents have shown that possibly the vulnerability of IT systems in railway automation has been underestimated. Fortunately, so far, almost only denial-of-service attacks were successful, but due to several trends, such as the use of commercial IT and communication systems or privatization, the threat potential could increase in the near future. However, up to now, no harmonized IT security risk assessment framework for railway automation exists. This paper defines an IT security risk assessment framework which aims to separate IT security and safety requirements as well as certification processes as far as possible. It builds on the well-known safety and approval processes from IEC 62425 and integrates IT security requirements based on the ISA99/IEC62443 standard series. While the detailed results are related to railway automation the general concepts are also applicable…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInformation and Cyber Security · Safety Systems Engineering in Autonomy · Transportation Systems and Safety