This pre-standard gives appropriate recommendations for the specification of requirements which ensure that the risk of threats to IT security in the field of electric railway signalling systems is generally acceptable. It provides a structured description of underlying assumptions for these recommendations. The recommendations refer to the development, operation and procurement of IT systems in electrical, electronic and programmable electronic railway signalling systems. In contrast to functional safety this pre-standard deals with risks due to malicious attacks.
The IT security requirements are based on IEC 62443, especially on its definition of IT security levels and the provisions for the description of system architectures by means of zones and conduits. These IT security requirements are derived and implemented compatible with DIN EN 50129 (VDE 0831-129).