Security/Safety assessment with STAIRCASE model

November 14, 2024 | Documents, Seville 2022

This work addresses the insidious undermining of safety assurance in the railways by sprawling digital networks. Not only does digitalization undermine traditional safety assurance methods, it also provides points of interaction for adversaries. Security assurance of these new digital systems is therefore critical to ensure that no new safety risk is introduced.
Digitalization transforms the railway undertaking, from services, rolling stock, infrastructure and all components within. In train manufacturing, computers used to be localized and independent control units servicing a specific system (say, doors or brakes). Today trains are equipped with overarching, centralized computer control systems for train control and management (TCMS systems). With such systems it becomes increasingly difficult to demonstrably assure safety critical functions for railway systems. Rolling stock is no exception where many facets are now composed of digital systems of systems.
This work explains the first steps for developing a comprehensive approach for the renewal of safety assurance processes to incorporate cyber-physical systems and the cyber security issues associated with them. This work addresses the security landscape for rolling stock OEMs (Original Equipment Manufacturers) whose role has changed from being the primary designers of trains to digital system integrators.
The emerging technological challenges strain the classical V&V lifecycle model for safety and cyber security engineering. This paper discusses a revised assurance lifecycle model, the safety 'STAIRCASE', which encompasses four steps in the development of a safety case: 1) the OUTLINE safety case, 2) the PRELIMINARY safety case, 3) the VALIDATED safety case and 4) the O&M safety case.

Year of Publication: 2022
