NA 022

DKE German Commission for Electrical, Electronic & Information Technologies of DIN and VDE

Project

Electric signalling systems for railways - Part 105: Risk-based assessment and handling of IT-security vulnerabilities and incidents

Abstract

This document is applicable to safetyrelated electrical, electronic and programmable electronic (E/E/PES) systems including subsystems and equipment for electrical railway signalling systems. This document describes activities and methods with the aim of specifying a procedure for handling IT security vulnerabilities and incidents. Risk-based statements on implementation times for measures are also specified for this purpose. This document is applicable to the assessment and handling of risks arising from IT security threats as a result of security gaps. It does not address vulnerabilities in functional security or physical access. It also does not address vulnerabilities caused solely by the fact that, in the case of time-limited documents which were the basis for bringing the system into operation, expired. Suitable processes for the timely extension / renewal of these bases are to be defined elsewhere. Only the basic steps are explained, the details must be regulated in the applied guidelines and processes at the operator / manufacturer.

Begin

2023-07-11

Planned document number

DIN VDE V 0831-105

Project number

02231691

Responsible national committee

DKE/UK 351.3 - Bahn-Signalanlagen  

Contact

Deniz Serifsoy

Merianstr. 28
63069 Offenbach am Main

Tel.: +49 69 6308-434

Send message to contact