BENGHENAME, YASMINE (Lab. Heuristic and Diagnostic of Complex Systems), Lounis, Ahmed (Université de Technologie de Compiègne), Sallak, Mohamed (Compiegne University of Technology)

Toward Secure and Safe Railway Operations: Embedding Safety in Cybersecurity Frameworks

Scheduled for presentation during the Regular Session "S33b-Intelligent Control for Next-Generation Railway Systems" (FR-EA-T33), Friday, November 21, 2025, 14:10−14:30, Southport 3

2025 IEEE 28th International Conference on Intelligent Transportation Systems (ITSC), November 18-21, 2025, Gold Coast, Australia

This information is tentative and subject to change. Compiled on October 18, 2025

Abstract

The digital transformation of railway systems is enhancing automation, connectivity, and operational efficiency. However, it also introduces complex cybersecurity risks that can propagate into safety-critical failures. Existing frameworks often treat cybersecurity and safety as separate domains, limiting their ability to address the interdependent threats facing modern railway infrastructures. This paper presents a novel, integrated risk management framework that explicitly links cybersecurity threats to their potential safety consequences. Our approach is attacker-oriented, considering adversarial capabilities and intent, and safety-informed, meaning the security analysis is guided by safety-related principles and constraints to ensure the protection of safety-critical functions. The framework is grounded in, and harmonized with, international standards including ISO/IEC 27001, ISO/SAE 21434, and EN 50126, ensuring methodological consistency with current industry practices. To demonstrate the framework’s practical applicability, we conduct a detailed case study on the ERTMS/ETCS Level 1 signaling system. Using a dynamic driving emulator under realistic operational conditions, we identify key vulnerabilities, assess their exploitability by plausible attackers, and evaluate their potential to compromise safety integrity.