Frazer-Nash has been appointed by the
Department of Transport's (DfT) Rail Group to deliver a programme
that will examine how security requirements might be integrated
into the rail industry's safety management regime.
Business Manager, Tim Myall explains:
"The rail industry currently uses a concept known as a 'safety
case' to articulate a clear, comprehensive and defensible argument
that a rail system is acceptably safe to operate in a particular
context.
"Security considerations can have a
significant impact on a safety case, and security needs to be
integrated into the processes that underpin the safety case.
Frazer-Nash has been appointed to develop detailed guidance on how
such integration might be achieved."
While there are many overlaps between
safety and security principles, there are also some significant
differences in emphasis, and therefore some potential conflicts.
The new framework for security-informed safety cases will
address:
-
Modifying a safety case for an
existing system to include security concerns
-
Constructing a safety case for a new
system that addresses both safety and security concerns
-
Providing different views of a
security-informed safety case, for example, the safety argument and
the security argument.
Dermot Carroll, Technical Manager -
Rolling Stock and Electrical Engineering at the Department for
Transport's Rail Group said: "We have been working with industry
for some time to develop and issue high-level guidance that helps
the rail sector in reducing its vulnerability to cyber attack.
"This work, carried out in
consultation with the industry's High Integrity Systems Group,
provides valuable additional guidance on the use of a structured
approach for the control of risk and demonstration of cyber
security assurance."
The Frazer-Nash team will apply its
detailed knowledge of rail safety processes, supporting
organisations such as Network Rail on the UK-wide electrification
programme, and the European Rail Traffic Management System (ERTMS);
as well as its cyber security and information security expertise
deployed in support of UK Government and industry clients.