
Towards an IT Security Protection Profile for Safety-Related Communication in Railway Automation

  • Hans-Hermann Bock
  • Jens Braband
  • Birgit Milius
  • Hendrik Schäbe
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7612)

Abstract

Some recent incidents have shown that the vulnerability of IT systems in railway automation has possibly been underestimated so far. Fortunately, almost only denial-of-service attacks have been successful to date, but due to several trends, such as the use of commercial IT and communication systems or privatization, the threat potential could increase in the near future. However, up to now, no harmonized IT security requirements for railway automation exist. This paper defines a reference communication architecture which aims to separate IT security and safety requirements, as well as certification processes, as far as possible, and discusses the threats and IT security objectives, including typical assumptions in the railway domain. Finally, examples of IT security requirements are stated and discussed based on the approach advocated in the Common Criteria, in the form of a protection profile.

Keywords

Railway; IT Security; Safety; Threats; IT Security Requirements; Protection Profile



Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Hans-Hermann Bock (1)
  • Jens Braband (2)
  • Birgit Milius (3)
  • Hendrik Schäbe (4)

  1. Deutsche Bahn AG, Berlin, Germany
  2. Siemens AG, Braunschweig, Germany
  3. TU Braunschweig, Braunschweig, Germany
  4. TÜV Rheinland, Köln, Germany
