Safety and Security Concepts in Rail Operations
In the railway industry, ensuring the safety and integrity of critical infrastructure is paramount.
The increasing integration of digital technologies in railways, such as advanced signalling systems, automated train control and smart maintenance solutions, has enhanced the overall efficiency of railway operations. However, this digital transformation also introduces new risks, making the security of industrial control systems (ICS) increasingly important.
Cyber security threats such as malware, ransomware, and sophisticated cyber-attacks can disrupt critical industrial control systems (ICS), potentially leading to severe failures, service interruptions, and even accidents. Therefore, ensuring robust security measures for ICS is vital, not only to safeguard railway operations but also to protect passenger safety and maintain service reliability.
Combining Safety and Security in Railway Signalling
In railways, safety and security are distinct but interrelated concepts, and both are critical to the integrity and reliability of operations. Safety covers the measures and practices that prevent accidents, injuries and harm to passengers, staff and the public, whether the cause is a random component failure or a systematic error. Security covers the measures and practices that protect railway systems, infrastructure and users from intentional harm caused by malicious activity such as sabotage and cyber-attacks. Modern train detection systems have to satisfy both: the occupancy information they deliver to the signalling system is safety-critical, and the same system also transmits diagnostic data to maintenance systems, so both paths need to be protected.
Achieving a balance between safety and security is especially important for signalling systems. Both share the goal of keeping the system in a safe and operable state, but their lifecycles differ: a safety case is established at approval and changes rarely, whereas the threat landscape, and with it the required security measures, changes continuously. CLC/TS 50701 (Railway applications: Cybersecurity) links the two by defining synchronisation points between the safety lifecycle of the CENELEC standards and the security lifecycle derived from IEC 62443, so that a security change is assessed for its safety impact and a safety change is assessed for its security impact. By aligning the two efforts, railway operators can mitigate risks and maintain the reliability and safety of their signalling systems throughout the entire lifecycle.
For instance, by integrating both safety and security concepts into the development and implementation of axle counting systems according to standards such as EULYNX, railway operators can protect the safety of their infrastructure, while fostering greater interoperability and product diversity.
Safety Concepts in Railway Operations
Railway safety concepts provide the framework for developing, installing and operating signalling technology, including axle counters. The central one is RAMS (Reliability, Availability, Maintainability, Safety), whose lifecycle is defined in EN 50126-1/-2. It starts in the early phases of product development with hazard identification, safety assessment and reliability analysis, continues into the operational phase, where the system must meet stringent availability targets to support uninterrupted service, and includes maintainability requirements so that components can be serviced and repaired efficiently, minimising downtime. Because every lifecycle phase, from concept to decommissioning, has defined RAMS activities and evidence, operators can demonstrate that safety and performance targets are upheld for the full service life of the product, safeguarding both passengers and assets.
A second important safety concept is the Safety Integrity Level (SIL). SILs range from SIL 1 (lowest) to SIL 4 (highest). Each step up corresponds to roughly an order of magnitude lower tolerable rate of dangerous failure of the safety function, and therefore to more rigorous requirements on development, verification and independence of assessment. The SIL required for a function is derived from a risk assessment of the hazards it controls, and the reliability analysis then has to show that the implemented safety measures reduce those hazards to the tolerable level. A SIL says nothing about resistance to deliberate attack; that is what the security levels of IEC 62443, described below, are for.
Any significant change to a system component must be documented, re-verified and re-validated before the component is returned to operation. For software in safety-critical systems, the applicable requirements are defined in EN 50716 (which supersedes EN 50128 and EN 50657). The standard sets out detailed requirements for each phase of the development process, from software requirements through design, implementation and testing to the final validation and acceptance of the safety functions, including the independence required between roles such as implementer, tester and validator.
When it comes to managing the different lifecycles of safety and security, object controllers such as our axle counting system, the Frauscher Advanced Counter FAdC®, offer an efficient solution. The FAdC® also supports the EULYNX interfaces, so Frauscher can deliver an object controller that meets current safety and security standards. This enables modern, future-proof architectures with simpler lifecycle management, because the standardised interface decouples the field element from the interlocking and allows a component to be updated or exchanged without re-engineering the rest of the signalling system.
Cyber Security in Railway Operations
Cyber security concepts consider all types of risk and threat that could harm a system in operation, such as a train detection system in a railway network. They cover both physical and cyber threats, from casual or coincidental violations (an operator error, a misconfigured device) to deliberate attacks by cyber criminals or hacktivists, any of which can lead to damage and security violations.
When it comes to cyber security, two factors have to be considered: vulnerabilities and threats. A vulnerability is a weakness in the system, typically introduced by mistakes in design, development, configuration or maintenance. A threat is an actor or event that could exploit such a weakness to harm the system. IEC 62443 (in part 3-3) defines four security levels (SL 1 to SL 4). Each level states the kind of attacker the system must be able to resist (IACS: industrial automation and control system):
Security Level 1: Protection against casual or coincidental violation
Security Level 2: Protection against intentional violation using simple means with low resources, generic skills and low motivation
Security Level 3: Protection against intentional violation using sophisticated means with moderate resources, IACS-specific skills and moderate motivation
Security Level 4: Protection against intentional violation using sophisticated means with extended resources, IACS-specific skills and high motivation
The target SL is assigned per zone of the system on the basis of a risk assessment, and each SL translates into a defined set of technical requirements that the system has to meet.
Another noteworthy cyber security concept is defense in depth. Rather than relying on a single protective barrier, it layers several independent security measures, each capable of detecting, preventing or mitigating a different type of attack, so that a control that fails or is bypassed does not by itself lead to a compromise. In IEC 62443 this takes the concrete form of zones and conduits: components with similar security requirements are grouped into zones, and every communication path between zones is a conduit with its own controls. Applied across network infrastructure, applications and data, the layering reduces the chance of a successful breach and improves the resilience of the system as a whole. Defense in depth also includes continuous monitoring, incident response planning and regular security updates, so that protection adapts to evolving threats over time.
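The following is an added example, not code from Frauscher or from any product described on this page. It models a receiver that accepts status messages from a track-side object controller through four independent layers (network allowlist, message authentication, replay protection and application plausibility), then feeds it one constructed attack per layer to show that each is stopped by a different layer. The message format, the addresses, the shared key and the bounds on axle counts are all assumptions made for the example.

```python
"""Defense in depth on a single message path: a receiver that checks an
incoming object-controller status message through four independent layers.
Added illustration; the message format, addresses, key and bounds are
constructed for this example and are not taken from any real product."""
import hashlib
import hmac
import ipaddress
import json

# Layer 1: network segmentation. Only the known object controller may talk to us.
ALLOWED_SOURCES = {ipaddress.ip_address("10.20.0.5")}  # constructed address

# Layer 2: message authentication with a per-device shared key (constructed).
SHARED_KEY = b"example-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Layer 3: replay protection. Sequence numbers must strictly increase, without large jumps.
MAX_SEQ_GAP = 100

# Layer 4: application plausibility. Assumed bounds for an axle counting section.
MAX_AXLES = 500
VALID_STATES = {"clear", "occupied", "disturbed"}


class Rejected(Exception):
    """Raised with the name of the layer that stopped the message."""

    def __init__(self, layer, reason):
        super().__init__(f"{layer}: {reason}")
        self.layer = layer


def build_message(seq, state, axles, key=SHARED_KEY):
    """Encode a message as the hypothetical controller would: JSON body + HMAC-SHA256 tag."""
    body = json.dumps({"seq": seq, "state": state, "axles": axles}, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self):
        self.last_seq = 0

    def accept(self, source_ip, raw):
        # Layer 1: drop anything not from the expected device before doing any other work.
        if ipaddress.ip_address(source_ip) not in ALLOWED_SOURCES:
            raise Rejected("network", f"unexpected source {source_ip}")

        # Layer 2: verify integrity and origin before parsing attacker-controlled bytes.
        # Defeats forgery and tampering even when the source address was spoofed.
        if len(raw) < TAG_LEN:
            raise Rejected("integrity", "message too short to carry a tag")
        body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
        expected = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise Rejected("integrity", "bad authentication tag")
        try:
            msg = json.loads(body)
        except ValueError:
            raise Rejected("integrity", "authenticated body is not valid JSON")
        if not isinstance(msg, dict):
            raise Rejected("integrity", "authenticated body is not an object")

        # Layer 3: reject re-injection of a genuine, correctly tagged but old message.
        seq = msg.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq or seq - self.last_seq > MAX_SEQ_GAP:
            raise Rejected("replay", f"sequence {seq!r} not acceptable after {self.last_seq}")

        # Layer 4: reject values that are impossible for the application. This is the only
        # layer that catches a compromised peer that still holds a valid key.
        state, axles = msg.get("state"), msg.get("axles")
        if not isinstance(state, str) or state not in VALID_STATES:
            raise Rejected("plausibility", f"unknown state {state!r}")
        if not isinstance(axles, int) or not 0 <= axles <= MAX_AXLES:
            raise Rejected("plausibility", f"axle count {axles!r} out of range")
        if state == "clear" and axles != 0:
            raise Rejected("plausibility", "clear section reporting axles")

        self.last_seq = seq
        return msg


def run_scenarios():
    """Constructed traffic: one genuine message, then one attack aimed at each layer.
    Returns a mapping from scenario name to the layer that stopped it."""
    rx = Receiver()
    genuine = build_message(1, "occupied", 12)
    results = {"genuine": rx.accept("10.20.0.5", genuine)["seq"]}
    attacks = {
        "spoofed_source": ("10.20.0.99", genuine),
        "tampered_body": ("10.20.0.5", genuine.replace(b'"axles": 12', b'"axles": 13')),
        "replayed": ("10.20.0.5", genuine),
        "implausible": ("10.20.0.5", build_message(2, "clear", 7)),
    }
    for name, (src, raw) in attacks.items():
        try:
            rx.accept(src, raw)
            results[name] = "accepted"
        except Rejected as err:
            results[name] = err.layer
    return results


if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(f"{scenario:15} -> {outcome}")
```

The order of the layers is deliberate: the cheap network check runs first, the cryptographic check runs before any parsing of attacker-controlled data, and the plausibility check sits last because it is the only layer that still helps once an attacker has compromised the device itself and can produce correctly authenticated messages. Removing any one layer leaves exactly one of the four constructed attacks unstopped, which is the point of overlapping controls.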
Cyber security verification and validation are important parts of system acceptance and must be completed before the system is handed over to the operator. Verification is confirmation, through objective evidence, that the specified requirements have been fulfilled. It is performed in every phase of the development lifecycle, checking the system and its components against the requirements established at the start of that phase.
In each phase, verification covers, among other things, the correctness and adequacy of the security risk assessment, the suitability of the tools and techniques used in that phase, and the correctness and consistency of the test specifications and of the tests actually executed.
Validation, in contrast, confirms that the implemented security measures actually provide the intended protection in the system's real operating environment, that is, that the identified risks are reduced to the tolerable level. Unlike verification, it does not end at handover: ongoing monitoring, incident response drills and regular audits check that the measures keep working as intended as the threat landscape changes. Together, comprehensive verification and validation allow railway operators to maintain the robustness of their systems against both current and emerging threats.
www.frauscher.com