prEN IEC 63452:2025

SLOVENSKI STANDARD
01-september-2025
Železniške naprave - Kibernetska varnost
Railway applications - Cybersecurity
Ta slovenski standard je istoveten z: prEN IEC 63452:2025
ICS:
35.030 Informacijska varnost IT Security
45.020 Železniška tehnika na Railway engineering in
splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

9/3232A/CDV
COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER:
IEC 63452 ED1
DATE OF CIRCULATION: CLOSING DATE FOR VOTING:
2025-08-08 (2025-07-18) 2025-10-17 (2025-10-10)
SUPERSEDES DOCUMENTS:
9/3000/CD, 9/3036A/CC
IEC TC 9 : ELECTRICAL EQUIPMENT AND SYSTEMS FOR RAILWAYS
SECRETARIAT: SECRETARY:
France Mr Denis MIGLIANICO
OF INTEREST TO THE FOLLOWING COMMITTEES: HORIZONTAL FUNCTION(S):
TC 65
ASPECTS CONCERNED:
Information security and data privacy
SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of CENELEC, is
drawn to the fact that this Committee Draft for Vote (CDV) is submitted
for parallel voting.
The CENELEC members are invited to vote through the CENELEC
online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some Countries” clauses to
be included should this proposal proceed. Recipients are reminded that the CDV stage is the final stage for submitting ISC clauses.
(SEE AC/22/2007 OR NEW GUIDANCE DOC).
TITLE:
Railway applications – Cybersecurity
PROPOSED STABILITY DATE: 2028
NOTE FROM TC/SC OFFICERS:
This A version shows aligned Word extraction from the OSD in regards of annexes and figures. The closing date for
voting has been extended to 2025-10-17. No technical modification has been made.
st
The Cenelec parallel vote status of this project has been changed on 1 of August, as reflected on this coverpage.
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.

Link to Committee Draft for Vote (CDV) online document:

https://osd.iec.ch/#/editor/archive/0e847a8f-d663-e6d5-e063-1710000a30d0/en/CCDV/1

How to access
This link leads you to the Online Standards Development (OSD) platform for National Mirror Committee’s
(NMC) comments. The project draft may be found further down this document.

Resource materials
We recommend NCs to review the available materials to better understand the member commenting on the
OSD platform. This includes the:
• OSD NC roles overview: here
• How to add and submit comments to the IEC: here
Contact
Should you require any assistance, please contact the IEC IT Helpdesk at helpdesk@iec.ch.

IEC CDV 63452 ED1 © IEC 2025
CONTENTS
CONTENTS . 1
FOREWORD . 13
Introduction. 15
Purpose . 15
Overview of the structure of this document . 15
1 Scope . 17
2 Normative references . 17
3 Terms and definitions, abbreviated terms and acronyms, taxonomy and terms
equivalence . 17
3.1 Terms and definitions. 17
3.2 Abbreviated terms and acronyms . 46
3.3 Railway system taxonomy and terms equivalence . 50
4 Railway system overview . 53
4.1 Purpose . 53
4.2 Overview . 53
4.3 Inputs / Outputs . 54
4.4 [SO-01-01] Identification of the railway system . 54
4.4.1 Requirement . 54
4.4.2 Rationale and supplemental guidance . 54
4.5 [SO-02-01] Definition of a high-level railway system model . 56
4.5.1 Requirement . 56
4.5.2 Rationale and supplemental guidance . 56
4.6 [SO-03-01] Definition of a high-level railway zone model . 58
4.6.1 Requirement . 58
4.6.2 Rationale and supplemental guidance . 58
4.7 [SO-04-01] Specification of shared cybersecurity services . 60
4.7.1 Requirement . 60
4.7.2 Rationale and supplemental guidance . 60
5 Enterprise cybersecurity programme and management . 62
5.1 Overview . 62
5.2 Inputs / Outputs . 62
5.3 [CP-01-01] Railway OT cybersecurity policy . 63
5.3.1 Requirement . 63
5.3.2 Rationale and supplemental guidance . 63
5.4 [CP-01-02] Railway OT cybersecurity programme . 63
5.4.1 Requirement . 63
5.4.2 Rationale and supplemental guidance . 64
5.5 [CP-02-01] Information sharing management . 65
5.5.1 Requirement . 65
5.5.2 Rationale and supplemental guidance . 65
5.6 [CP-03-01] Competency management . 65
5.6.1 Requirement . 65
5.6.2 Rationale and supplemental guidance . 66
5.7 [CP-04-01] Inventory management . 66
5.7.1 Requirement . 66
5.7.2 Rationale and supplemental guidance . 67
IEC CDV 63452 ED1 © IEC 2025
5.8 [CP-05-01] Supply chain management . 67
5.8.1 Requirement . 67
5.8.2 Rationale and supplemental guidance . 67
5.9 [CP-06-01] Risk management . 70
5.9.1 Requirement . 70
5.9.2 Rationale and supplemental guidance . 71
5.10 [CP-07-01] Business continuity management . 71
5.10.1 Requirement . 71
5.10.2 Rationale and supplemental guidance . 72
5.11 [CP-08-01] Data protection management . 72
5.11.1 Requirement . 72
5.11.2 Rationale and supplemental guidance . 73
6 Cybersecurity within a railway application life cycle . 74
6.1 Purpose . 74
6.2 Railway application and product life cycles . 74
6.3 Manage cybersecurity activities and interfaces . 74
6.3.1 Inputs / Outputs . 74
6.3.2 [LC-01-01] Assign Project Cybersecurity Manager . 74
6.3.3 [LC-02-01] Plan project cybersecurity activities till the handover . 75
6.3.4 [LC-02-02] Tailoring the cybersecurity management plan . 76
6.3.5 [LC-02-03] Cybersecurity management plan approval . 76
6.3.6 [LC-02-04] Management of security issues before handover . 77
6.3.7 [LC-03-01] Manage product suppliers . 77
6.3.8 [LC-04-01] Manage interaction with safety and RAM teams . 77
6.4 Cybersecurity activities mapping to the IEC 62278-1 life cycle . 78
7 Risk assessment for system design . 83
7.1 Purpose and outcome . 83
7.2 Overview . 83
7.3 Identify the SUC and its security context . 86
7.3.1 Description . 86
7.3.2 Inputs / Outputs . 86
7.3.3 [ZR-01-01] Identify the SUC, its security perimeter and access points . 86
7.3.4 [ZR-01-02] Identify the cybersecurity context . 87
7.4 Initial Risk Assessment . 89
7.4.1 Description . 89
7.4.2 Inputs / Outputs . 89
7.4.3 [ZR-02-01] Initial risk assessment . 89
7.5 Partitioning of the SUC in zones and conduits . 90
7.5.1 Description . 90
7.5.2 Inputs / Outputs . 90
7.5.3 [ZR-03-01] Partitioning of the SUC . 90
7.6 Risk comparison . 91
7.6.1 Description . 91
7.6.2 Inputs / Outputs . 91
7.6.3 [ZR-04-01] Compare initial risk with tolerable risk . 91
7.7 Detailed Risk Assessment . 92
7.7.1 Description . 92
7.7.2 Inputs / Outputs . 92
7.7.3 [ZR-05-01] Perform Detailed Risk Assessment . 92
IEC CDV 63452 ED1 © IEC 2025
7.7.4 [ZR-05-02] Identify threats . 93
7.7.5 [ZR-05-03] Identify vulnerabilities . 94
7.7.6 [ZR-05-04] Manage identified threats and vulnerabilities . 95
7.7.7 [ZR-05-05] Apply a code of practice . 95
7.7.8 [ZR-05-06] Application requirements from a reference system . 95
7.7.9 Explicit Risk Evaluation [ZR-05-07, ZR-05-08, ZR-05-09] . 96
7.7.10 [ZR-05-10] Threats coverage and risk acceptance . 100
7.7.11 [ZR-05-11] Document results of the Detailed Risk Assessment . 100
7.8 Document cyber security requirements . 101
7.8.1 Description . 101
7.8.2 Inputs / Outputs . 101
7.8.3 [ZR-06-01] Cybersecurity requirements specification . 101
7.9 Asset owner's approval . 103
7.9.1 Description . 103
7.9.2 Inputs / Outputs . 103
7.9.3 [ZR-07-01] Asset owner's approval . 103
8 Cybersecurity architecture, integration and configuration . 103
8.1 Purpose . 103
8.2 Inputs / Outputs . 103
8.3 SUC cybersecurity functional architecture . 104
8.3.1 [AA-01-01] Cybersecurity Architecture . 104
8.3.2 [AA-01-02] Cybersecurity shall not adversely impact essential functions . 104
8.3.3 [AA-01-03] Requirements apportionment to subsystems . 105
8.3.4 [AA-01-04] Inclusion of compensating countermeasures . 106
8.3.5 [AA-01-05] Cybersecurity requirement traceability . 106
8.4 Cybersecurity integration . 106
8.4.1 [AA-02-01] Cybersecurity guidelines for the railway solution . 106
8.5 Cybersecurity configuration . 107
8.5.1 [AA-03-01] Cybersecurity parameterization and configuration of the
railway solution . 107
9 Cybersecurity assurance for railway solutions . 107
9.1 Purpose . 107
9.2 Overview . 108
9.3 Cybersecurity verification and validation . 109
9.3.1 Description . 109
9.3.2 Inputs / Outputs . 109
9.3.3 [CA-01-01] Plan cybersecurity evaluation activities . 110
9.3.4 [CA-01-02] Independence of security testers . 111
9.3.5 [CA-01-03] Execution of cybersecurity evaluation activities. 111
9.3.6 [CA-01-04] Verification of cybersecurity deliverables . 112
9.3.7 [CA-01-05] Cybersecurity validation of the railway solution . 112
9.3.8 [CA-01-06] Railway solution cybersecurity case . 113
9.4 Railway solution acceptance . 114
9.4.1 Description . 114
9.4.2 Inputs / Outputs . 114
9.4.3 [CA-02-01] Establish cybersecurity handover plan . 115
9.4.4 [CA-02-02] Approval of the cybersecurity handover plan . 115
9.4.5 [CA-02-03] Approval of the cybersecurity case . 116
9.4.6 [CA-02-04] Perform cybersecurity handover. 116
IEC CDV 63452 ED1 © IEC 2025
10 Operational, maintenance and decommissioning requirements . 116
10.1 Overview . 116
10.2 Inputs / Outputs . 118
10.3 [OM-01-01] Cybersecurity maintenance plan . 119
10.3.1 Requirement . 119
10.3.2 Rationale and supplemental guidance . 119
10.4 [OM-01-02] Cybersecurity rules and procedures . 120
10.4.1 Requirement . 120
10.4.2 Rationale and supplemental guidance . 120
10.5 [OM-01-03] Continuous cybersecurity verification . 121
10.5.1 Requirement . 121
10.5.2 Rationale and supplemental guidance . 121
10.6 [OM-02-01] Railway application cybersecurity case . 121
10.6.1 Requirement . 121
10.6.2 Rationale and supplemental guidance . 121
10.7 [OM-03-01] Risk assessment update . 122
10.7.1 Requirement . 122
10.7.2 Rationale and supplemental guidance . 122
10.8 [OM-04-01] Vulnerability advisories . 123
10.8.1 Requirement . 123
10.8.2 Rationale and supplemental guidance . 123
10.9 [OM-04-02] Cybersecurity testing and report . 123
10.9.1 Requirement . 123
10.9.2 Rationale and supplemental guidance . 123
10.10 [OM-04-03] Vulnerability management . 124
10.10.1 Requirement . 124
10.10.2 Rationale and supplemental guidance . 124
10.11 [OM-05-01] Patch management process . 124
10.11.1 Requirement . 124
10.11.2 Rationale and supplemental guidance . 125
10.12 [OM-05-02] Patch management supply chain . 125
10.12.1 Requirement . 125
10.12.2 Rationale and supplemental guidance . 125
10.13 [OM-05-03] End-of-life and end-of-security-support considerations . 126
10.13.1 Requirement . 126
10.13.2 Rationale and supplemental guidance . 126
10.14 [OM-06-01] Incident management . 126
10.14.1 Requirement . 126
10.14.2 Rationale and supplemental guidance . 126
10.15 [OM-06-02] Backup and recovery management . 129
10.15.1 Requirement . 129
10.15.2 Rationale and supplemental guidance . 129
10.16 [OM-07-01] Security monitoring . 130
10.16.1 Requirement . 130
10.16.2 Rationale and supplemental guidance . 130
10.17 [OM-08-01] Decommissioning management . 131
10.17.1 Requirement . 131
10.17.2 Rationale and supplemental guidance . 131
Annex A (informative) Handling conduits . 132
IEC CDV 63452 ED1 © IEC 2025
A.1 General . 132
A.2 Protection profiles for conduits . 133
Annex B (informative) Handling legacy systems . 135
General . 136
B.1 Basic security risks . 136
B.1.1 A denial of service attacks and vulnerability exploits . 136
B.1.2 Impersonation attack . 136
B.2 Basic process activities . 137
B.2.1 General . 137
B.2.2 Zoning . 137
B.2.3 Defence in depth . 137
B.2.4 Basic risk analysis . 138
B.2.5 (Re-)Commissioning . 138
B.2.6 Site acceptance test (SAT) . 138
B.2.7 Operation . 139
B.2.8 Training of personnel . 139
B.2.9 Asset inventory . 139
B.3 Basic security countermeasures . 139
B.3.1 General . 139
B.3.2 Protect installation . 139
B.3.3 Regular inspection of installation . 140
B.3.4 Network / perimeter protection . 140
B.3.5 Network segmentation / restricted data flow . 140
B.3.6 Monitoring and network management . 140
B.3.7 Network management system . 141
B.3.8 Intrusion detection / SIEM . 141
B.3.9 Virtual private networks (VPN) . 142
B.3.10 Redundant communication. 142
B.3.11 Security gateway . 142
B.3.12 Handling USB connectors . 142
B.3.13 Encryption . 143
B.3.14 Authentication . 143
Annex C (informative) Cybersecurity design principles and system requirements . 144
C.1 Cybersecurity design principles. 144
C.1.1 Introduction . 144
C.1.2 Secure the weakest link . 144
C.1.3 Defence in depth . 145
C.1.4 Fail secure. 148
C.1.5 Grant least privilege . 149
C.1.6 Economise mechanism . 150
C.1.7 Authenticate requests . 152
C.1.8 Control access . 154
C.1.9 Assume secrets not safe . 155
C.1.10 Make security usable . 156
C.1.11 Promote privacy. 158
C.1.12 Audit and monitor . 158
C.1.13 Proportionality principle . 160
C.1.14 Precautionary principle . 161
C.1.15 Continuous protection . 162
IEC CDV 63452 ED1 © IEC 2025
C.1.16 Secure metadata . 163
C.1.17 Secure defaults . 164
C.1.18 Trusted components . 165
C.2 Guidelines for implementation in a railway environment . 166
Annex D (informative) Safety and cybersecurity . 202
General . 203
D.1 Differences between safety and cybersecurity . 203
D.2 Security from a safety perspective . 204
D.3 Co-engineering of safety and security . 204
D.4 Quantification of security . 205
D.5 The relationship between safety integrity levels and security levels . 205
D.6 Responsibility for security . 206
Annex E (informative) Risk acceptance methods . 207
E.1 General . 207
E.2 Example 1 . 207
E.2.1 Introduction . 207
E.2.2 Impact assessment . 207
E.2.3 Likelihood assessment . 208
E.2.4 Risk tolerability . 208
E.2.5 Justification . 209
E.3 Example 2 . 209
E.3.1 Introduction . 209
E.3.2 Impact assessment . 209
E.3.3 Likelihood assessment . 210
E.3.4 Risk tolerability . 211
E.3.5 Justification . 211
E.4 Example 3 . 211
E.4.1 Introduction . 211
E.4.2 Impact assessment . 211
E.4.3 Likelihood assessment . 212
E.4.4 Risk tolerability . 213
E.4.5 Justification . 213
E.5 Example 4 . 213
E.5.1 Introduction . 213
E.5.2 Impact Assessment . 213
E.5.3 Likelihood assessment . 214
E.5.4 Risk acceptance . 216
E.5.5 Justification . 216
Annex F (informative) Railway system models and zone models . 218
F.1 Design guidance and rules . 218
F.1.1 Design guidance for system models . 218
F.1.2 Design rules for the area-based model . 218
F.1.3 Design rules for the topology-based model . 219
F.2 Magnifications of the high-level railway zone model . 219
F.2.1 Design Guidance for zone models . 222
F.3 Train to ground communication . 234
F.3.1 Introduction . 234
F.3.2 Communication channel. 234
IEC CDV 63452 ED1 © IEC 2025
F.3.3 Principles . 235
Annex G (informative) Cybersecurity deliverables content . 236
G.1 Purpose . 236
G.2 Railway OT cybersecurity policy and cybersecurity programme . 236
G.2.1 Railway OT cybersecurity policy . 236
G.2.2 Railway OT cybersecurity programme . 236
G.2.3 Rational and guidance . 237
G.3 Cybersecurity management plan . 237
G.4 Risk assessment report . 239
G.5 Cybersecurity requirement specification . 239
G.6 Cybersecurity guidelines for the railway solution . 240
G.7 Cybersecurity evaluation plan . 241
G.8 Cybersecurity case . 242
G.9 Cybersecurity maintenance plan . 243
Annex H (informative) Cybersecurity competence profiles . 245
H.1 Purpose . 245
H.2 Railway cybersecurity competence profiles . 246
H.2.1 Introduction . 246
H.2.2 Railway Project Cybersecurity Manager . 246
H.2.3 Railway Cybersecurity Architect . 247
H.2.4 Railway Cybersecurity Risk Analyst . 248
H.2.5 Railway Cybersecurity Implementer . 249
H.2.6 Railway Cybersecurity Penetration Tester . 250
H.2.7 Railway Cybersecurity Assessor . 252
H.2.8 Railway Cybersecurity Verifier . 253
H.2.9 Railway Cybersecurity Validator . 254
H.2.10 Railway Cybersecurity Administrator . 255
H.2.11 Railway Cybersecurity Incident Responder . 256
H.2.12 Railway Chief Information Security Officer . 257
Annex I (informative) Cybersecurity for operation and maintenance activities -
Operational guidance . 260
I.1 Purpose . 260
I.2 Change to maintenance activities and teams . 260
I.3 Access Strategy . 260
I.3.1 Physical Access: . 260
I.3.2 Role-Based Access: . 260
I.3.3 Network Access: . 261
I.3.4 Consistency for Access Protection: . 261
I.4 Remote Access and Maintenance . 261
I.4.1 General . 261
I.4.2 Remote Maintenance OT . 261
I.4.3 Methods of Remote Maintenance . 261
I.5 Other aspects to be correctly addressed . 262
I.5.1 Data Protection: . 262
I.5.2 Decommissioning: . 262
I.5.3 Awareness of People: . 262
I.5.4 Use of Portable Media (such as laptop, USB key): . 262
I.5.5 Key Exchange and Management: . 262
Annex J (informative) Vulnerability Management - Operational guidance . 263
IEC CDV 63452 ED1 © IEC 2025
J.1 Purpose . 263
J.2 organizational aspects . 263
J.3 Process scoping . 263
J.4 Vulnerability identification, analysis and prioritization criteria . 264
J.5 Vulnerability remediation . 265
Annex K (informative) Cloud security . 268
K.1 General . 268
K.2 Applicability . 268
K.3 Cloud Security within the railway application life cycle . 269
K.3.1 Specification Phase . 269
K.3.2 Design and Implementation Phase . 270
K.3.3 Validation Phase . 274
K.3.4 Operations and Maintenance Phase . 275
K.3.5 Decommissioning . 278
K.3.6 Business Continuity and Disaster Recovery . 278
K.4 Cross-Refe
...