The aim of CLC/TS 50701 is to introduce the requirements as well as recommendations to address cybersecurity within the railway sector. CLC/TS 50701 provides railway operators, system integrators and product suppliers guidance and specifications on how cybersecurity will be managed in the context of EN 50126 1 RAMS lifecycle process.
Due to digitization and the need for more performance and better maintainability, previously isolated industrial systems are now connected to large networks and increasingly use standard protocols and commercial components. Because of this evolution, cybersecurity has become a key topic for these industrial systems, including critical systems such as railway systems.
CLC/TS 50701 aims at the implementation of a consistent approach to the management of the security of the railway systems. It provides references to models and concepts from which requirements and recommendations can be derived and that are suitable to ensure that the residual risk from security threats is identified, supervised and managed to an acceptable level by the railway system duty holder. It presents the underlying security assumptions in a structured manner.
CLC/TS 50701 does not address functional safety requirements for railway systems but rather additional requirements arising from threats and related security vulnerabilities for which specific measures and activities need to be taken and managed throughout the lifecycle.
The security models, the concepts and the risk assessment process described in CLC/TS 50701 are based on or derived from the IEC/EN IEC 62443 series.