With their presentation "Implementing cybersecurity in model-based reference architectures of railway signalling technology", Martin Weller and Dr. Michael Schaefer presented Thales as a reliable, forward-looking partner in a changing, highly specialised environment.
Cybersecurity secures infrastructures
Every day, IT-protected infrastructures are subject to external as well as internal attacks. The IT Security Act, passed by the German Bundestag in 2015, ensures the necessary protection requirements for infrastructure. It explicitly names the transportation sector as a critical infrastructure (KRITIS) to be protected. To this end, suitable measures must be defined and implemented beyond the well-known concept of "functional safety" in signalling over the entire system life cycle.
As a provider of a complete portfolio of railway signalling technology, Thales is currently preparing for new challenges. This comprises an information security management system (ISMS) which includes an intensive security assessment of the existing portfolio. The IT security requirements of our customers, the cybersecurity gap analysis on the legacy portfolio, and the IT security standards of the automation industry applied to the railway sector together result in a new set of IT security requirements for systems, whose implementation and verification must be accompanied by expert advice during the life cycle.
To achieve this, the Thales approach is twofold. On the one hand, the existing products are supplemented by relevant IT security features; on the other hand, new IT security products are defined. The IT security standards require continuous and timely patching of the software to close known IT security gaps. Solutions must therefore extend the patch cycles, taking into account the cybersecurity risk analysis, the defined IT security protection target and the defined attack risk.
Safety lifecycle and common safety methods must be uniform across Europe
"For a harmonized European evaluation, Thales is supporting the initiative of various CENELEC working groups to complement a specific IT security standard", says Martin Weller, Head of MLS System Strategy. This European standardization relates to the implementation of the security life cycle in the safety lifecycle and is to be used in compliance with the Common Safety Methods (CSM). The definition of a cybersecurity reference architecture in the context of the current standardization activities within the framework of the standardization project Neupro (Deutsche Bahn) and the related European instance, EuLynx, is another important pillar.
Authors of the presentation:
Martin Weller, Head of MLS System Strategy
Dr. Michael Schaefer, Lead System Architect