Cyber security requirements for railway control systems according to standard IEC 62443

Abstract

Modern railway control systems are based on computer and embedded systems. This components are connected directly via ICT networks, it is also possible to use wireless industrial networks. Cyber security attacks in automation control systems are becoming more dangerous and common. To protect these safety critical systems, the standard IEC 62443 has been developed. This standard provides guidelines and requirements for industrial automation and control systems which also apply to railway systems. This article is mainly focused on chapter IEC 62443-4-2 which provides Technical security requirements for IACS components. Proper protection against cyber attacks is also important for maintaining RAMS parameters (Reliability, Availability, Maintainability and Safety). Railway control systems performs mainly safety critical functionality which are related with railway traffic management. Safety related control algorithms and vital modules cannot be disturbed by security mechanisms and functions. The analysis of cyber threats should be performed by railway infrastructure operators in cooperation with manufacturers of railway control systems. It is important to determine what level of requirements fulfilment according to standard IEC 62443 must be met (security level). Railway traffic control systems are long life and high availability systems, therefore they should be properly maintained during lifecycle. The manufacturer of railway control systems and end user should together develop a policy and guidelines for securing the systems against cyber attacks.