DZSF – Projecting security requirements and evaluating prospective safety concepts for the railway system

The DZSF research project "Projecting security requirements and evaluating prospective safety concepts for the railway system" teams up Nextrail, INCYDE, the University of Passau und the Fraunhofer Institute for Secure Information Technology (SIT) in an effort to accurately assess the requirements regarding railway trend assessment, security needs and skills using knowledge from other industries.

The railway system is at the beginning of a digitalisation wave that is about to roll through all the works and participating systems. Through it, the ambitious goals of boosting capacities while improving punctuality and robustness will be achieved. For implementation, strategies have been mapped out for each individual section on the strength of previously selected technologies and concepts. In many areas, however, such technologies and concepts are yet unclear. To ensure early on that integrity and availability is guaranteed even after the systems have been rigorously integrated into a network, potential new technologies must be anticipated and the security precautions they will require need to be established now. This is the only way to prepare the ground for later migration, integration and protection in the sense of cybersecurity.

A safety standard that accommodates the peculiarities of the railway is needed to ensure operation in the long run and thus improve stability. The project's overriding objective is to proactively take into account future security aspects and not simply to respond to attacks. As various technical systems are and become available – and these are at risk of being subjected to external attacks as well – the various means of protection currently obtainable need to be analysed first before the future need for protection and technical developments are assessed. Appraising effective and efficient security concepts for the railway system will help to ensure the implementation of strategies that accommodate its specific requirements. Such strategies resort to standard systems like firewalls or encryption software but also involve the development and use of monitoring systems or tests using red/blue teams with a view to identifying and evaluating system vulnerabilities. Once a projection has been developed that assesses the usability of new technologies in the railway sector, such as IoT, FRMCS, ATO, security standards will be defined based on it. This process will draw on the experience of various partners from wide-ranging industry sectors. The project will serve as spadework in preparation for the creation of a branch-specific security concept.

The project was commissioned by the German Centre for Rail Traffic Research (DZSF), an institute within the Federal Railway Authority (EBA), and has a duration of 3 years.