iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CLC

CLC/TS 50701:2021

(Main)

Railway applications - Cybersecurity

Railway applications - Cybersecurity

This document provides to the railway operators, system integrators and product suppliers, with guidance and specifications on how cybersecurity will be managed in the context of the EN 50126-1 RAMS lifecycle process. This document aims at the implementation of a consistent approach to the management of the security of the railway systems. This document can also be applied to the security assurance of systems and components/equipment developed independently of EN 50126. This document applies to Communications, Signalling and Processing domain, to Rolling Stock and to Fixed Installations domains. It provides references to models and concepts from which requirements and recommendations can be derived and that are suitable to ensure that the residual risk from security threats is identified, supervised and managed to an acceptable level by the railway system duty holder. It presents the underlying security assumptions in a structured manner. This document does not address functional safety requirements for railway systems but rather additional requirements arising from threats and related security vulnerabilities and for which specific measures and activities need to be taken and managed throughout the lifecycle. The aim of this technical specification is to ensure that the RAMS characteristics of railway systems / subsystems / equipment cannot be reduced, lost or compromised in the case of intentional attacks. The security models, the concepts and the risk assessment process described in this document are based on or derived from IEC 62443 series standards. In particular, this document is consistent with the application of security management requirements contained within the IEC 62443-2-1 and which are based on EN ISO 27001 and EN ISO 27002

Bahnanwendungen - Cybersecurity

Applications ferroviaires - Cybersécurité

Železniške naprave - Kibernetska varnost

General Information

Status
Withdrawn
Publication Date
08-Jul-2021
ICS
35.030 - IT Security
45.020 - Railway engineering in general
Technical Committee
CLC/TC 9X - Electrical and electronic applications for railways
Drafting Committee
CLC/TC 9X/WG 26 - IT-Security / Cybersecurity in the railway sector
Current Stage
Ref Project
SIST-TS CLC/TS 50701:2021 - Railway applications - Cybersecurity

Relations

Replaced By
CLC/TS 50701:2023 - Railway applications - Cybersecurity
Effective Date
31-Aug-2021

Buy Standard

TS CLC/TS 50701:2021 - BARVETS CLC/TS 50701:2021 - BARVE
PreviousNext
Technical specification
TS CLC/TS 50701:2021 - BARVE
English language
161 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-september-2021
Železniške naprave - Kibernetska varnost
Railway applications - Cybersecurity
Bahnanwendungen - Cybersecurity
Applications ferroviaires - Cybersécurité
Ta slovenski standard je istoveten z: CLC/TS 50701:2021
ICS:
35.030 Informacijska varnost IT Security
45.020 Železniška tehnika na Railway engineering in
splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL SPECIFICATION CLC/TS 50701

SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
July 2021
ICS 35.030; 45.020
English Version
Railway applications - Cybersecurity
Applications ferroviaires - Cybersécurité Bahnanwendungen - IT-Sicherheit
This Technical Specification was approved by CENELEC on 2021-05-11.

CENELEC members are required to announce the existence of this TS in the same way as for an EN and to make the TS available promptly
at national level in an appropriate form. It is permissible to keep conflicting national standards in force.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. CLC/TS 50701:2021 E
Contents Page
European foreword . 6
Introduction . 7
1 Scope . 8
2 Normative references . 8
3 Terms, definitions and abbreviations. 8
3.1 Terms and definitions . 8
3.2 Abbreviations .24
4 Railway system overview .26
4.1 Introduction .26
4.2 Railway asset model .27
4.3 Railway physical architecture model .28
4.4 High-level railway zone model .29
5 Cybersecurity within a railway application lifecycle .31
5.1 Introduction .31
5.2 Railway application and product lifecycles .31
5.3 Activities, synchronization and deliverables .31
5.4 Cybersecurity context and cybersecurity management plan .35
5.5 Relationship between cybersecurity and essential functions .35
5.5.1 General .35
5.5.2 Defence in depth .35
5.5.3 Security-related application conditions .36
5.5.4 Interfaces between the safety and the cybersecurity processes .37
5.6 Cybersecurity assurance process .38
6 System definition and initial risk assessment .39
6.1 Introduction .39
6.2 Identification of the system under consideration .40
6.2.1 Definition of the SuC.40
6.2.2 Overall functional description .41
6.2.3 Access to the SuC .41
6.2.4 Essential functions.41
6.2.5 Assets supporting the essential functions .42
6.2.6 Threat landscape .42
6.3 Initial risk assessment .42
6.3.1 Impact assessment.42
6.3.2 Likelihood assessment .43
6.3.3 Risk evaluation .44
6.4 Partitioning of the SuC .45
6.4.1 Criteria for zones and conduits breakdown . 45
6.4.2 Process for zones and conduits breakdown . 45
6.5 Output and documentation . 46
6.5.1 Description of the system under consideration . 46
6.5.2 Documentation of the initial risk assessment . 46
6.5.3 Definition of zones and conduits . 46
7 Detailed risk assessment . 47
7.1 General aspects . 47
7.2 Establishment of cybersecurity requirements . 48
7.2.1 General . 48
7.2.2 Threat identification and vulnerability identification . 49
7.2.3 Vulnerability identification . 51
7.2.4 Risk acceptance principles . 51
7.2.5 Derivation of SL-T by explicit risk evaluation . 53
7.2.6 Determine initial SL . 55
7.2.7 Determine countermeasures from EN IEC 62443-3-3 . 56
7.2.8 Risk estimation and evaluation . 56
7.2.9 Determine security level target . 58
7.2.10 Cybersecurity requirements specification for zones and conduits . 58
8 Cybersecurity requirements . 59
8.1 Objectives . 59
8.2 System security requirements . 59
8.3 Apportionment of cybersecurity requirements . 74
8.3.1 Objectives . 74
8.3.2 Break down of system requirements to subsystem level . 75
8.3.3 System requirement allocation at component level . 75
8.3.4 Specific consideration for implementation of cybersecurity requirement on components . 76
8.3.5 Requirement breakdown structure as verification . 76
8.3.6 Compensating countermeasures . 77
9 Cybersecurity assurance and system acceptance for operation . 78
9.1 Overview . 78
9.2 Cybersecurity case . 79
9.3 Cybersecurity verification . 80
9.3.1 General . 80
9.3.2 Cybersecurity integration and verification . 80
9.3.3 Assessment of results . 82
9.4 Cybersecurity validation . 82
9.5 Cybersecurity system acceptance . 83
9.5.1 Independence . 83
9.5.2 Objectives . 83
9.5.3 Activities . 83
9.5.4 Cybersecurity handover .83
10 Operational, maintenance and disposal requirements .83
10.1 Introduction .83
10.2 Vulnerability management .84
10.3 Security patch management .85
10.3.1 General .85
10.3.2 Patching systems while ensuring operational requirements .86
Annex A (informative) Handling conduits . 89
Annex B (informative) Handling legacy systems . 92
Annex C (informative) Cybersecurity design principles . 98
Annex D (informative) Safety and security .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CLC
CLC/TS 50701:2023(Main)
Railway applications - Cybersecurity
SIST-TS CLC/TS 50701:2024

This document provides railway operators, system integrators and product suppliers, with guidance and specifications on how cybersecurity will be managed in the context of EN 50126 1 RAMS lifecycle process. This document aims at the implementation of a consistent approach to the management of the security of the railway systems. This document can also be applied to the security assurance of systems and components/equipment developed independently of EN 50126 1:2017. This document applies to Communications, Signalling and Processing domain, to Rolling Stock and to Fixed Installations domains. It provides references to models and concepts from which requirements and recommendations can be derived and that are suitable to ensure that the residual risk from security threats is identified, supervised and managed to an acceptable level by the railway system duty holder. It presents the underlying security assumptions in a structured manner. This document does not address functional safety requirements for railway systems but rather additional requirements arising from threats and related security vulnerabilities and for which specific measures and activities need to be taken and managed throughout the lifecycle. The aim of this document is to ensure that the RAMS characteristics of railway systems / subsystems / equipment cannot be reduced, lost or compromised in the case of cyber attacks. The security models, the concepts and the risk assessment process described in this document are based on or derived from the IEC/EN IEC 62443 series. This document is consistent with the application of security management requirements contained within IEC 62443 2 1, which in turn are based on EN ISO/IEC 27001 and EN ISO 27002.

  • Technical specification
    164 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
CLC/TS 50701:2023(Main)
Railway applications - Cybersecurity
SIST-TS CLC/TS 50701:2024

This document provides railway operators, system integrators and product suppliers, with guidance and specifications on how cybersecurity will be managed in the context of EN 50126 1 RAMS lifecycle process. This document aims at the implementation of a consistent approach to the management of the security of the railway systems. This document can also be applied to the security assurance of systems and components/equipment developed independently of EN 50126 1:2017. This document applies to Communications, Signalling and Processing domain, to Rolling Stock and to Fixed Installations domains. It provides references to models and concepts from which requirements and recommendations can be derived and that are suitable to ensure that the residual risk from security threats is identified, supervised and managed to an acceptable level by the railway system duty holder. It presents the underlying security assumptions in a structured manner. This document does not address functional safety requirements for railway systems but rather additional requirements arising from threats and related security vulnerabilities and for which specific measures and activities need to be taken and managed throughout the lifecycle. The aim of this document is to ensure that the RAMS characteristics of railway systems / subsystems / equipment cannot be reduced, lost or compromised in the case of cyber attacks. The security models, the concepts and the risk assessment process described in this document are based on or derived from the IEC/EN IEC 62443 series. This document is consistent with the application of security management requirements contained within IEC 62443 2 1, which in turn are based on EN ISO/IEC 27001 and EN ISO 27002.

  • Technical specification
    164 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 60317-27-2:2020/A1:2024(Amendment)
Specifications for particular types of winding wires - Part 27-2: Paper tape covered round aluminium wire
SIST EN IEC 60317-27-2:2020/oprA1:2023
  • Draft
    3 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN 50463-5:2017/A1:2024(Amendment)
Railway applications - Energy measurement on board trains - Part 5: Conformity assessment
SIST EN 50463-5:2018/fprA1:2024

This New Work Item Proposal has the scope to provide an amendment of the European standard EN 50463-5 in order to update the annex ZZ

  • Draft
    5 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 60317-12:2020/A1:2024(Amendment)
Specifications for particular types of winding wires - Part 12: Polyvinyl acetal enamelled round copper wire, class 120
SIST EN IEC 60317-12:2020/oprA1:2023
  • Draft
    3 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 60794-1-209:2024(Main)
Optical fibre cables - Part 1-209: Generic specification - Basic optical cable test procedures - Environmental test methods - Ageing, method F9
kSIST FprEN IEC 60794-1-209:2024

IEC 60794-1-209:2024 defines test procedures to be used in establishing uniform requirements for the environmental performance of: - optical fibre cables for use with telecommunication equipment and devices employing similar techniques; and - cables having a combination of both optical fibres and electrical conductors. Throughout this document, the wording "optical cable" can also include optical fibre units, microduct fibre units, etc. This document defines a test standard to determine cable aging performance by high temperature exposure and temperature cycling in order to simulate lifetime behaviour of the attenuation of cables, or physical attributes. See IEC 60794‑1‑2 for a reference guide to test methods of all types and for general requirements and definitions. This document partially cancels and replaces IEC 60794‑1‑22:2017. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to IEC 60794‑1‑22:2017: a) the ambient temperature test condition has been defined as per IEC 60794‑1‑2; b) all the maximum allowable attenuation increase values for single-mode and multimode fibres have been deleted, and have been included in the list of details to be specified.

  • Draft
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 60794-1-201:2024(Main)
Optical fibre cables - Part 1-201: Generic specification - Basic optical cable test procedures - Environmental test methods - Temperature cycling, method F1
kSIST FprEN IEC 60794-1-201:2024

IEC 60794-1-201: 2024 defines test procedures to be used in establishing uniform requirements for the environmental performance of: - optical fibre cables for use with telecommunication equipment and devices employing similar techniques; and - cables having a combination of both optical fibres and electrical conductors. Throughout this document, the wording "optical cable" can also include optical fibre units, microduct fibre units, etc. This document defines a test standard to determine the ability of a cable to withstand the effects of temperature cycling by observing changes in attenuation. See IEC 60794-1-2 for a reference guide to test methods of all types and for general requirements and definitions. This document partially replaces IEC 60794-1-22:2017. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to IEC 60794-1-22:2017: a) all references to the temperature sensing device have been removed and replaced with a note "for further study"; b) the conditioning procedure has been separated into Procedure 1 and Procedure 2 to avoid confusion; c) the ambient temperature test condition has been defined as per IEC 60794-1-2; d) the minimum soak time has been decreased for sample mass >16 kg in Table 1.

  • Draft
    11 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 60598-2-20:2024(Main)
Luminaires - Part 2-20: Particular requirements - Lighting chains
SIST EN IEC 60598-2-20:2024

IEC 60598-2-20:2022 is available as IEC 60598-2-20:2022 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 60598-2-20:2022 specifies requirements for lighting chains fitted with series, parallel or a combination of series/parallel connected light sources for use either indoors or outdoors on supply voltages not exceeding 250 V. This fifth edition cancels and replaces the fourth edition published in 2014. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: - specific provisions for temporarily installed protected lighting (TPL) chains have been added; - new terms and definitions have been added.

  • Standard
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61340-5-1:2024(Main)
Electrostatics - Part 5-1: Protection of electronic devices from electrostatic phenomena - General requirements
SIST EN IEC 61340-5-1:2024

IEC 61340-5-1:2024 applies to organizations that: manufacture, process, assemble, install, package, label, service, test, inspect, transport, or otherwise handle electrical or electronic parts, assemblies and equipment with withstand voltages greater than or equal to 100 V human body model (HBM) and 200 V charge device model (CDM). Also, protection from isolated conductors is addressed by limiting the voltage on isolated conductors to less than 35 V. ESDS with lower withstand voltages can require additional control elements or adjusted limits. Processes designed to handle items that have lower ESD withstand voltage(s) can still claim compliance to this document. This document provides the requirements for an ESD control program. IEC TR 61340-5-2 provides guidance on the implementation of this document. This document does not apply to electrically initiated explosive devices, flammable liquids, gases, and powders. The purpose of this document is to provide the administrative and technical requirements for establishing, implementing, and maintaining an ESD control program (hereinafter referred to as the “program”). This edition includes the following significant technical changes with respect to the previous edition: a) definitions have been added to the document; b) updates to product qualification requirements; c) subclause 5.3.3 now includes a reference to groundable static control garment systems; d) Table 2 was replaced; e) subclause 5.3.4.2 was updated to define what an insulator is; f) subclause 5.3.4.3 was updated to include a definition for isolated conductor; g) Table 3 was updated, technical items added, including a reference to IEC 61340-5-4 for compliance verification testing; h) Table 4 was added as a summary of the requirements in IEC 61340-5-3 and to include requirements for compliance verification of packaging; i) Annex A was replaced: the former Annex is no longer required. Annex A are examples of tailoring.

  • Standard
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61788-23:2024(Main)
Superconductivity - Part 23: Residual resistance ratio measurement - Residual resistance ratio of cavity-grade Nb superconductors
SIST EN IEC 61788-23:2024

IEC 61788-23:2024 is available as IEC 61788-23:2024 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 61788-23:2024 addresses a test method for the determination of the residual resistance ratio (RRR), rRRR, of cavity-grade niobium. This method is intended for high-purity niobium grades with 150 < rRRR < 600. The test method is valid for specimens with rectangular or round cross-section, cross-sectional area greater than 1 mm2 but less than 20 mm2, and a length not less than 10 nor more than 25 times the width or diameter.

  • Standard
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day