Internet of Things (IoT)

ENISA Zoning and Conduits for Railways - Security Architecture

  • 1.  ENISA Zoning and Conduits for Railways - Security Architecture

    Posted Feb 28, 2022 08:50:00 AM
      |   view attached
    Hi All,

    ENISA just published ENISA Zoning and Conduits for Railways - Security Architecture

    This document gives guidance on building zones and conduits for a railway system. To do so,
    first the methodology is described. This approach is based on the recently published CENELEC
    Technical Specification 50701 (CLC/CLC/TS 50701:2021). The approach is complemented with
    additional practical information and hints on how to make the implementation of zoning easier
    for a railway operator. It gathers the experience of the European Railway Information Sharing
    and Analysis Center and its members, i.e. European infrastructure managers and railway

    Each of the steps of the zoning process is explained in detail. The document shows what
    standards are required in each step and what processes should be performed. Additionally, the
    document discusses the documentation that should be created during each step and guidance
    in the form of a 'cookbook' is given.

    During the zoning process, zoning models are developed over three iterations:
    1. "Proposal railway zoning model": it is used in the first steps, ranging from first collecting
    information and designing initial zones (ZCR 1) up to the stage where zones, conduits,
    communication lines and security levels (SL) get verified briefly for the first time (ZCR
    3). The proposal zone model is generic. It can be aligned with but need not fit the
    corporate structure.
    2. "High-level railway zoning model": it contains a concrete and defined risk verified
    architecture (ZCR 4) and is implemented via cybersecurity measures (ZCR 5). The
    company specific high-level zone model should be orientated to the corporate
    3. "Final railway zoning model": it is a detailed and verified version of the high-level
    model, reflecting the corporate structure within all zones, conduits and communication
    lines, the SL ZC and other information (ZCR 6 to ZCR 7).

    At the end of this document, the phases after zoning is complete are discussed, i.e. Migration
    (ZCR 8) and Operation (ZCR 9). Finally, the issue of legacy systems is commented on briefly.

    The CENELEC Technical Specification 50701 (CLC/CLC/TS 50701:2021):

    Can be previewed here:

    Can be purchased here:

    Michael Roza CPA, CISA, CIA, MBA, Exec MBA