Abstract
Some recent incidents suggest that the vulnerability of IT systems in railway automation may have been underestimated so far. Fortunately, almost only denial-of-service attacks have been successful to date, but several trends, such as the use of commercial IT and communication systems or privatization, could increase the threat potential in the near future. Up to now, however, no harmonized IT security requirements for railway automation exist. This paper defines a reference communication architecture that aims to separate IT security and safety requirements, as well as their certification processes, as far as possible, and discusses the threats and IT security objectives, including typical assumptions in the railway domain. Finally, examples of IT security requirements are stated and discussed, based on the approach advocated in the Common Criteria, in the form of a protection profile.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bock, HH., Braband, J., Milius, B., Schäbe, H. (2012). Towards an IT Security Protection Profile for Safety-Related Communication in Railway Automation. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33678-2_12
DOI: https://doi.org/10.1007/978-3-642-33678-2_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33677-5
Online ISBN: 978-3-642-33678-2
eBook Packages: Computer Science, Computer Science (R0)