News & Events-Frazer-Nash studying how cyber security can integrate into rail safety

Frazer-Nash has been appointed by the Department of Transport's (DfT) Rail Group to deliver a programme that will examine how security requirements might be integrated into the rail industry's safety management regime.

Business Manager, Tim Myall explains: "The rail industry currently uses a concept known as a 'safety case' to articulate a clear, comprehensive and defensible argument that a rail system is acceptably safe to operate in a particular context.

"Security considerations can have a significant impact on a safety case, and security needs to be integrated into the processes that underpin the safety case. Frazer-Nash has been appointed to develop detailed guidance on how such integration might be achieved."

While there are many overlaps between safety and security principles, there are also some significant differences in emphasis, and therefore some potential conflicts. The new framework for security-informed safety cases will address:

  • Modifying a safety case for an existing system to include security concerns
  • Constructing a safety case for a new system that addresses both safety and security concerns
  • Providing different views of a security-informed safety case, for example, the safety argument and the security argument.

Dermot Carroll, Technical Manager - Rolling Stock and Electrical Engineering at the Department for Transport's Rail Group said: "We have been working with industry for some time to develop and issue high-level guidance that helps the rail sector in reducing its vulnerability to cyber attack.

"This work, carried out in consultation with the industry's High Integrity Systems Group, provides valuable additional guidance on the use of a structured approach for the control of risk and demonstration of cyber security assurance."

The Frazer-Nash team will apply its detailed knowledge of rail safety processes, supporting organisations such as Network Rail on the UK-wide electrification programme, and the European Rail Traffic Management System (ERTMS); as well as its cyber security and information security expertise deployed in support of UK Government and industry clients.