Complying to Safety Standards over Security Provisioning in the Railway Sector

Complying to Safety Standards over Security Provisioning in the Railway Sector


This post was written by Markus Heinrich, Stefan Katzenbeisser, Neeraj Suri (TU Darmstadt)

Darmstadt, June 30th

The CIPSEC project aims to develop a unified security framework that can cohesively address multiple Critical Infrastructures (CIs). One of CIPSEC's targeted CI is the railway transportation sector, as represented by Deutsche Bahn in the project. While security provisioning is CIPSEC's primary objective, any proposed security mechanisms should in no way compromise the railway's core safety-critical operations that essentially need to conform to requisite standards such as DKE's Security of Signalling pre-standard DIN VDE V 0831-104. DKE (German Commission for Electrical, Electronic & Information Technologies) is the national organization responsible for the creation and maintenance of standards and safety specifications covering the areas of electrical engineering, electronics and information technology. Additional background on DIN/DKE can be found at:

In this context, CIPSEC's partners TU Darmstadt and Deutsche Bahn collectively contribute to the ongoing development of the pre-standard DIN VDE V 0831-104 that is conducted in the workgroup DKE 351.3.7. Their participative role is to ensure that CIPSEC's proposed security enhancements stay conformant to the DKE standards. Hence, the pre-standard DIN VDE V 0831-104 will be monitored and updated to the current state of knowledge taking into account the already published parts of IEC 62443 so as to maintain coherence between standards of various subsections of the railway domain (e.g. rolling stock, energy supply, signalling). IEC 62443 is a security standard framework for industrial automation control systems. The German pre-standard brings together the security guidelines and the railway domain by assigning security activities (such as the security risk analysis) to the safety lifecycle of EN 50126 that is already well regarded by railway safety engineers.

In addition, TU Darmstadt and Deutsche Bahn contribute to the newly introduced DKE 351.0.6. The Working Group 351.0.6 of DKE develops IT security standards for the complete railway sector that covers rolling stock and energy supply in addition to signalling. Currently, the group focuses on sector-specific security standards to fulfill the German IT Security Act. The IT Security Act can be considered the national equivalent for Critical Infrastructures of the European Commission's Network and Information Systems' (NIS) security directive. The IT Security Act mandates every CI operator to establish security mechanisms and processes in their systems, and to report security incidents. The reports will be gathered by a Federal Authority and shared among the CI operators to enable fast and comprehensive security monitoring.

CIPSEC project results receive funding from the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no 700378.
The opinions expressed and arguments employed in this publication do not necessarily reflect the official views of the Research Executive Agency (REA) nor the European Commission.