Electric signalling systems for railways - Part 105: Risk-based assessment and handling of IT-security vulnerabilities and incidents
Abstract
This document is applicable to safetyrelated electrical, electronic and programmable electronic (E/E/PES) systems including subsystems and equipment for electrical railway signalling systems. This document describes activities and methods with the aim of specifying a procedure for handling IT security vulnerabilities and incidents. Risk-based statements on implementation times for measures are also specified for this purpose. This document is applicable to the assessment and handling of risks arising from IT security threats as a result of security gaps. It does not address vulnerabilities in functional security or physical access. It also does not address vulnerabilities caused solely by the fact that, in the case of time-limited documents which were the basis for bringing the system into operation, expired. Suitable processes for the timely extension / renewal of these bases are to be defined elsewhere. Only the basic steps are explained, the details must be regulated in the applied guidelines and processes at the operator / manufacturer.
Begin
2023-07-11
Planned document number
DIN VDE V 0831-105
Project number
02231691