Remit Issue April 2016

Transcription

1 1 Introduction Remit Issue April This document defines the scope, purpose and working arrangements for the High Integrity Systems Group. High integrity systems are playing an increasingly important role in delivery, operation and maintenance as the GB railway is modernised. 1.2 The establishment of the group in October 2012 arose from a report produced by the Railway Industry Association following a workshop on High Integrity Software that took place in October In May 2014 a paper presented to RSSB Board indicated that HISG, reporting to the Strategic Systems Review Group (SSRG), had shown a strong interest in the identification of cyber threats as a key risk factor for adoption of High Integrity Systems. HISG was therefore requested to develop guidance on cyber security for technical systems in line with the request by the RSSB board. 2 Purpose and Scope of the Group 2.1 The purpose of HISG is to establish and disseminate best practice for the use of digital systems in high integrity railway operations. 2.2 The scope of the group s considerations is the technical systems that are used to deliver, operate or maintain the GB Rail infrastructure, freight or passenger services, excluding systems that are used primarily for commercial purposes. At this system level, safety and reliability are important; therefore signalling systems, brake and traction control systems, route setting systems and train crew and passenger information systems are within scope, but ticketing systems and off-line performance monitoring systems are not. 2.3 The aim of HISG is to reduce the overall risk to GB Rail that may arise from the increasing adoption of digital systems. 2.4 HISG should consider assessments and metrics for the overall risk relating to digital systems for high integrity railway operations for GB Rail. 2.5 HISG should identify which railway standards relate to the scope of the group s activities and which documents are owned by RSSB. The topics considered should cover all areas of interest in high integrity systems e.g.: RAMS, systems engineering, software development, cyber security, data governance, network protocols and interfaces. 2.6 The group will report to the (DRSG). 3 Objectives of group 3.1 Areas of work The group will identify and instigate opportunities for the development, application and transfer of best practice, both between railway disciplines and from other industry sectors, making use of bodies such as the Safety-Critical Systems Club where appropriate. Page 1 of 5

2 3.1.2 The group will work closely with the Digital Railway Cyber Security Steering Group and other groups as appropriate to provide guidance that can be used by industry Specifically, the group will consider the following areas in the context of digital systems for high integrity railway operations:- High Priority a) System requirements definition. b) Verification and validation processes. c) System management throughout the entire life cycle, including development, deployment, operation and maintenance. d) Cyber security guidance for the railway industry (in collaboration with DfT). e) Risk Assessment and risk management including identification of key areas of risk (of which cyber would be one) and the definition of controls, including standards and processes. Other Priority f) Opportunities for, and potential benefits of, the automation of testing. g) Guidance on industry training and competence routes for cyber security relating to digital systems for high integrity railway operations for GB Rail. h) Consider publishing on the RSSB HISG webpage industry specific cyber security documents as part of the Digital Railway Cyber Security Steering Group Cross industry programme for interconnected railway systems/sub-systems. i) Impact of the revision to the CSM Risk Acceptance Criteria on technical systems for operational railway systems An important facet of the work will be the effective dissemination of the information listed above to the rail industry in Great Britain In delivering the high priority work, the group will participate in the development of a guidance note for the industry based upon T1047: Guidance Note: Industry guidance on the use of software based systems for railway applications Work on raising awareness of cyber security within the rail industry Establish relationships and close out conversations with colleagues in other groups and also identify what work is currently being done and by whom Implement a governance model for industry, with supporting remits that deliver the activities agreed between the various groups. 3.1 Work planning When DRSG concludes that the group has delivered the requirements for the high priority work, the group will start the other priority items (unless DRSG concludes that there is no merit in continuing with the other priority items). Page 2 of 5

3 3.2 Conditions under which the sub group will cease activity The group has been formed to deliver the work areas identified under paragraph with the presumption that it will disband after the satisfactory delivery of these. The DRSG may define further work for the group or may (as in 3.2.1) conclude that other priority work is not merited. 4 Membership of group and supporting resources 4.1 There is cross industry interest in this topic, albeit coming from different viewpoints. There are principally three types of stakeholders: Customers - who need intelligence in the area of whole life management of the softwarebased products; and Suppliers - who generally need to have the detailed expertise to develop and integrate software between systems. Interested parties - who need guidance on managing the risks associated with the use of digital systems for high integrity railway operations. 4.2 Discussions to date have identified a need for each of the following stakeholder categories to be represented, and the individuals selected will be expected to have some understanding of the issues to be addressed, albeit they are not necessarily expected to be software experts: a) Train operators or their representatives b) Network Rail c) ROSCOs d) Suppliers (including both software developers, OEMs and tier 2 suppliers) e) Office of Rail Regulation (observer) f) British Transport Police g) Critical Protection National Infrastructure h) Transport for London i) High Speed 2 (HS2) j) Department of Transport k) System Manufacturers 4.3 Members may nominate alternates from within their constituencies, and be supported by observers to contribute to specific agenda items. 4.4 If the chairman is not an RSSB representative, then the constituency which the chairman represents will be invited to nominate a new representative. 4.5 It is considered likely that the group will need to commission work from independent experts, and funding for this will be justified and sought via RSSB research channels. 4.6 The members of the group are expected to have a network of other contacts within their constituencies whom they can draw upon for additional insight and advice, as required. 5 Disclosure of Interests 5.1 If a member, or a person for whom that member works, has a direct or indirect personal interest in a matter to be discussed by the group, as distinct from a common interest of the industry category as a whole, the member shall declare that interest to the Chairman of the group at the earliest opportunity: Page 3 of 5

4 a) On the first occasion at which the matter is discussed, or b) If a member is not aware of an interest at that time, at the next group meeting after which they become aware of that interest, regardless of whether the matter is being discussed at that meeting. 6 Process to elect and appoint new members / chairpersons 6.1 Electing new members Industry categories may each put in place arrangements for nominating a person to the HISG and can make a nomination on behalf of the relevant industry category when notified that a vacancy exists: a) ATOC for passenger Railway Undertakings b) RIA for suppliers and infrastructure contractors who can each nominate a member c) Rolling stock owners (including rolling stock leasing companies) d) Non-passenger Railway Undertakings, and e) Network Rail and other Infrastructure Managers Alternatively, RSSB may obtain nominations direct from RSSB member companies when no arrangements have been put in place by industry categories All members will consider nominations with reference to the criteria for membership and confirm the appointment of the member. 6.2 Electing a Chairperson Members shall make nominations for a new Chairman from the membership of the group and vote on the nomination(s) The group will make a recommendation to and seek endorsement from DRSG for the appointment of a new chairperson, based on the outcome of the vote. 7 Delegation of Authority 7.1 Decision Making The group has the authority to specify and sponsor research and other fact-finding activities, and to develop drafts of industry guidance documents. Any industry guidance documents will be endorsed for publication by either Data & Risk Strategy Group and/or the relevant standards committee. 8 Funding and Budget Management 8.1 There is no specific budget allocated to the group, but if it wishes to propose research activity it can do so directly through the RSSB industry research programme processes. Page 4 of 5

5 9 Organisation / Operation of Meetings 9.1 Meeting Quorum The meeting shall be considered quorate when the following representatives are present: 1 x Network Rail 1 x Passenger Train operators 1 x RoSCos 1 x Supplier 1 x RSSB When a meeting is not quorate, absent members will have one week after receipt of the draft minutes to object to a decision. If no objection is raised the decision taken in the meeting will stand. 9.2 Administration The group will be supported by the CCS&ENE delivery unit of RSSB with an identified Stakeholder Support Manager (SSM) providing meeting management services The SSM will: a) Call group meetings as required, up to six times per year b) Facilitate the drafting of a progress report, to be provided to DRSG every six months c) Agree meeting agendas with the Chairperson d) Make papers available electronically at least five working days before each meeting e) Produce minutes recording actions, and circulate within ten working days of the meeting f) Cause an annual review of the group s remit and membership and propose any refinements to DRSG for approval. Page 5 of 5