Hi All,
ENISA just published ENISA Zoning and Conduits for Railways - Security Architecture
This document gives guidance on building zones and conduits for a railway system. To do so,
first the methodology is described. This approach is based on the recently published CENELEC
Technical Specification 50701 (CLC/CLC/TS 50701:2021). The approach is complemented with
additional practical information and hints on how to make the implementation of zoning easier
for a railway operator. It gathers the experience of the European Railway Information Sharing
and Analysis Center and its members, i.e. European infrastructure managers and railway
undertakings.
Each of the steps of the zoning process is explained in detail. The document shows what
standards are required in each step and what processes should be performed. Additionally, the
document discusses the documentation that should be created during each step and guidance
in the form of a 'cookbook' is given.
During the zoning process, zoning models are developed over three iterations:
1. "Proposal railway zoning model": it is used in the first steps, ranging from first collecting
information and designing initial zones (ZCR 1) up to the stage where zones, conduits,
communication lines and security levels (SL) get verified briefly for the first time (ZCR
3). The proposal zone model is generic. It can be aligned with but need not fit the
corporate structure.
2. "High-level railway zoning model": it contains a concrete and defined risk verified
architecture (ZCR 4) and is implemented via cybersecurity measures (ZCR 5). The
company specific high-level zone model should be orientated to the corporate
structure.
3. "Final railway zoning model": it is a detailed and verified version of the high-level
model, reflecting the corporate structure within all zones, conduits and communication
lines, the SL ZC and other information (ZCR 6 to ZCR 7).
At the end of this document, the phases after zoning is complete are discussed, i.e. Migration
(ZCR 8) and Operation (ZCR 9). Finally, the issue of legacy systems is commented on briefly.
The CENELEC Technical Specification 50701 (CLC/CLC/TS 50701:2021):
Can be previewed here:
https://cdn.standards.iteh.ai/samples/67491/e63ecbd020f34486b23216336f87d033/SIST-TS-CLC-TS-50701-2021.pdfCan be purchased here:
https://standards.iteh.ai/catalog/standards/clc/1a4316e5-3b11-4d71-b561-a7978b8f408c/clc-ts-50701-2021------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------