TN2312 Iss 1

This technical note will help industry to identify cyber security control measures, which may be put in place when designing a new component or function. This could help mitigate against malicious or non-malicious cyber-attacks on operational and information technology software systems on rolling stock.

This technical note has been produced because cyber-attacks on the railway are likely to increase as the railway becomes more digital in design and operation. The guidance will help the industry, as operators of an essential service, fulfil their obligation under the Security of Network and Information System Regulations 2018.

This technical note supplements related standards, such as RIS-2700-RST Rail Industry Standard for Verification of Conformity of Engineering Change to Rail Vehicles and RIS-0745-CCS Client Safety Assurance of High Integrity Software-Based Systems for Railway Applications.

It is applicable to:

• rolling stock manufacturers;
• rolling stock component suppliers;
• rolling stock owners and leasing companies;
• railway undertakings;
• entities in charge of maintenance; and
• infrastructure managers.