A Methodology for Cybersecurity Risk Assessment – A Case-study in Railway

  • Ravdeep Kour, Division of Operation and Maintenance Engineering, Luleå University of Technology, 97187, Lulea
  • Amit Patwardhan, Division of Operation and Maintenance Engineering, Luleå University of Technology, 97187, Lulea
  • Adithya Thaduri, Division of Operation and Maintenance Engineering, Luleå University of Technology, 97187, Lulea
  • Ramin Karim, Division of Operation and Maintenance Engineering, Luleå University of Technology, 97187, Lulea
Keywords: Operational security, ISA/IEC 62443, FMECA, Railway, cyber threat, risk assessment

Abstract

Digitalisation is changing the railway globally. One of the major concerns in the digital transformation of the railway is the increased exposure to cyberattacks. The railway is vulnerable to these cyberattacks because the number of digital items and the number of interfaces between digital and physical components in these systems keep growing. The increased number of digital items and interfaces requires new methodologies, frameworks, models, concepts, and architectures to ensure the railway system’s resilience with respect to cybersecurity challenges, such as the adoption and convergence of Information Technology (IT) and Operational Technology (OT) within the railway. This convergence has brought significant benefits in reliability, operational efficiency, and capacity, as well as improvements in passenger experience, but it also increases the vulnerability to cyberattacks from individuals, organizations, and governments. This paper proposes a methodology for dealing with OT security in railway signalling using failure mode, effects and criticality analysis (FMECA) and ISA/IEC 62443 security risk assessment methodologies.

Published: 2022-06-30
Section: Articles