Transformation of cyber security/safety assurance

George Bearfield; Coen van Gulijk; Simon Parkinson; Richard J Thomas

Transformation of cyber security/safety assurance

George Bearfield, Coen van Gulijk, Simon Parkinson, Richard J Thomas

Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

216 Downloads (Pure)

Abstract

In the past decade rapid digitalisation of railway assets-including signalling and rolling stock -has occurred in parallel with a rising cyber security threat to critical national infrastructure. Rail safety requirements remain stringent and legacy standards for delivering safe, high integrity, complex digital systems exist. Security standards are emerging which implement some of the same principles of design and assurance as these safety standards, but do not do so in an integrated way with the safety discipline. There are two fundamental challenges emerging. The first is that safety design requirements and security design requirements have parallel principles and constraints related to segregation and partitioning of systems and networks in the design, but no proven good practice exists for how to meet both sets of requirementsin an integrated way for any given asset. The second is that the verification and validation life cycle used in functional safety standards and emerging cyber security design standards is idealised. It assumes a top-down cascade of requirements for each delivery project. It is increasingly difficult to meet these requirements in practice. This paper explains the many challenges in order to inform subsequent research, standardisation and industry activity needed to address them.

Original language	English
Title of host publication	World Congress on Railway Research (WCRR) 2022, Birmingham, UK
Publisher	SPARK
Publication status	E-pub ahead of print - 10 Jan 2023
Event	World Congress on Railway Research 2022: WCRR2022 - Birmingham, Birmingham, United Kingdom Duration: 6 Jun 2022 → 10 Jun 2022 https://www.wcrr2022.co.uk/website/938/homepage/

Publication series

Name	WCRR Papers

Conference

Conference	World Congress on Railway Research 2022
Abbreviated title	WCRR2022
Country/Territory	United Kingdom
City	Birmingham
Period	6/06/22 → 10/06/22
Internet address	https://www.wcrr2022.co.uk/website/938/homepage/

Access to Document

ThomasR2022TransformationAccepted author manuscript, 348 KBLicence: None: All rights reserved

https://www.sparkrail.org/Lists/Records/DispForm.aspx?ID=27845Licence: None: All rights reserved

Effective Solutions for the NIS Directive - Supply Chain Requirements for Third Party Devices
Chothia, T., Thomas, R. & Easton, J.
1/01/19 → 30/09/21
Project: Other Government Departments

Cite this

@inproceedings{96e57076569f46be92ded157308b1533,

title = "Transformation of cyber security/safety assurance",

abstract = "In the past decade rapid digitalisation of railway assets-including signalling and rolling stock -has occurred in parallel with a rising cyber security threat to critical national infrastructure. Rail safety requirements remain stringent and legacy standards for delivering safe, high integrity, complex digital systems exist. Security standards are emerging which implement some of the same principles of design and assurance as these safety standards, but do not do so in an integrated way with the safety discipline. There are two fundamental challenges emerging. The first is that safety design requirements and security design requirements have parallel principles and constraints related to segregation and partitioning of systems and networks in the design, but no proven good practice exists for how to meet both sets of requirementsin an integrated way for any given asset. The second is that the verification and validation life cycle used in functional safety standards and emerging cyber security design standards is idealised. It assumes a top-down cascade of requirements for each delivery project. It is increasingly difficult to meet these requirements in practice. This paper explains the many challenges in order to inform subsequent research, standardisation and industry activity needed to address them.",

author = "George Bearfield and {van Gulijk}, Coen and Simon Parkinson and Thomas, {Richard J}",

year = "2023",

month = jan,

day = "10",

language = "English",

series = "WCRR Papers",

publisher = "SPARK",

booktitle = "World Congress on Railway Research (WCRR) 2022, Birmingham, UK",

note = "World Congress on Railway Research 2022 : WCRR2022, WCRR2022 ; Conference date: 06-06-2022 Through 10-06-2022",

url = "https://www.wcrr2022.co.uk/website/938/homepage/",

}

TY - GEN

T1 - Transformation of cyber security/safety assurance

AU - Bearfield, George

AU - van Gulijk, Coen

AU - Parkinson, Simon

AU - Thomas, Richard J

PY - 2023/1/10

Y1 - 2023/1/10

N2 - In the past decade rapid digitalisation of railway assets-including signalling and rolling stock -has occurred in parallel with a rising cyber security threat to critical national infrastructure. Rail safety requirements remain stringent and legacy standards for delivering safe, high integrity, complex digital systems exist. Security standards are emerging which implement some of the same principles of design and assurance as these safety standards, but do not do so in an integrated way with the safety discipline. There are two fundamental challenges emerging. The first is that safety design requirements and security design requirements have parallel principles and constraints related to segregation and partitioning of systems and networks in the design, but no proven good practice exists for how to meet both sets of requirementsin an integrated way for any given asset. The second is that the verification and validation life cycle used in functional safety standards and emerging cyber security design standards is idealised. It assumes a top-down cascade of requirements for each delivery project. It is increasingly difficult to meet these requirements in practice. This paper explains the many challenges in order to inform subsequent research, standardisation and industry activity needed to address them.

AB - In the past decade rapid digitalisation of railway assets-including signalling and rolling stock -has occurred in parallel with a rising cyber security threat to critical national infrastructure. Rail safety requirements remain stringent and legacy standards for delivering safe, high integrity, complex digital systems exist. Security standards are emerging which implement some of the same principles of design and assurance as these safety standards, but do not do so in an integrated way with the safety discipline. There are two fundamental challenges emerging. The first is that safety design requirements and security design requirements have parallel principles and constraints related to segregation and partitioning of systems and networks in the design, but no proven good practice exists for how to meet both sets of requirementsin an integrated way for any given asset. The second is that the verification and validation life cycle used in functional safety standards and emerging cyber security design standards is idealised. It assumes a top-down cascade of requirements for each delivery project. It is increasingly difficult to meet these requirements in practice. This paper explains the many challenges in order to inform subsequent research, standardisation and industry activity needed to address them.

UR - https://www.sparkrail.org/Pages/WCRR.aspx

M3 - Conference contribution

T3 - WCRR Papers

BT - World Congress on Railway Research (WCRR) 2022, Birmingham, UK

PB - SPARK

T2 - World Congress on Railway Research 2022

Y2 - 6 June 2022 through 10 June 2022

ER -

Transformation of cyber security/safety assurance

Abstract

Publication series

Conference

Access to Document

Fingerprint

Projects

Effective Solutions for the NIS Directive - Supply Chain Requirements for Third Party Devices

Cite this