Standards promote uniform requirements for customers and service providers. Standards often leave room for interpretation to enable a wide range of applications. If independent projects are to achieve common results, it is essential to close these gaps through a common interpretation: a guideline.
The security standards IEC 62443 and TS 50701 provide a framework for analysing security in railway systems that has been adopted by all European stakeholders in the railway sector. These standards are also used in European projects to identify security risks and define mitigating measures through standardised processes. To enable an exchange between the different projects, and also with the suppliers, the work results must be comparable. This can only be achieved if the standards are interpreted and applied consistently in all projects. For this reason, the European standardisation groups (EULYNX, EUG, RCA and OCORA) have developed a common guideline for the application of the railway-specific security standards. It provides a detailed framework for all work steps, extending from the initial definition of the system under consideration, through the determination of the security level, to the risk analysis and the derivation of the system and component requirements. The latest version of the Security Guideline, developed by Roger Metz and Richard Poschinger, is available on the EUG website: https://ertms.be/workgroups/cyber_security