Technical Note - TN 021: 2019: Subject: Clarification To Trust of Networks

Technical Note – TN 021: 2019
For queries regarding this document

standards@transport.nsw.gov.au
www.transport.nsw.gov.au

Issue date: 13 December 2019
Effective date: 13 December 2019
Subject: Clarification to trust of networks

This technical note is issued by the Asset Standards Authority (ASA) as an update to
T MU SY 10012 ST Cybersecurity for IACS - Baseline Technical Cybersecurity System
Requirements and Countermeasures, version 1.0.
The updates include amendments to Section 5.2 to simplify the third condition which shall be
satisfied for a network to be considered trusted.
International standards for safety-related messaging in networks such as IEC 62280 Railway
applications - Communication, signalling and processing systems - Safety related communication
in transmission systems require defences to be implemented within the safety-related system:
• specific defences against threats to safety-related messages
• general defences against IT cybersecurity threats
These requirements apply throughout system life and need to consider the following:
• decreasing cost of high-performance computing
• increasing ease of launching attacks
• growing knowledge of safety-related systems and vulnerabilities
To consider a network to be trusted, IEC 62280 requires that the likelihood of unauthorised
access and injection of malicious safety-related messages is ‘negligible’, ‘excluded’, and ‘ruled-
out’.
TfNSW considers that it is now impractical to design, construct, operate, and maintain any
wireless network or wired wide area network that is capable of solely achieving a level of trust
required for safety-related systems.
© State of NSW through Transport for NSW 2019 Page 1 of 3

Therefore, all safety-related systems will require defences to protect against injected safety-
related messages in networks in accordance with current TfNSW standards. These defences may
be partially implemented in an access protection layer.
1. Section 5.2 System requirements for use of

networks
Replace the contents of Section 5.2 with the following:
Both trusted and untrusted networks may be used as conduits within an IACS.
A network may only be considered trusted if all of the following conditions are satisfied:
• all communication assets are dedicated to the IACS SuC and not shared with other systems;
including enterprise systems, other IACS, or external service provider systems
• it is operated and maintained through life in accordance with IACS SuC policies and
procedures
• it is a wired local area network wholly within a single physically secured premise
Otherwise all networks shall be considered untrusted.
An access protection layer shall be provided if safety-related equipment is not designed to

operate over an untrusted network, as shown in Figure 1.
Premise Premise
Safety Safety Safety

related related related
equipment equipment equipment
Trusted Wired LAN Trusted Wired LAN
Access Access
protection protection
layer layer
Untrusted network
Figure 1 - Access protection layer over an untrusted network
In accordance with IEC 62280, the access protection layer shall be included in the safety case,
but does not need to be safe by itself.

Trusted communication channels shall be established using the following:
• trusted networks
• untrusted networks only if cryptographic algorithms provide mutual authentication and

encryption – see SR 3.1 RE 1 and SR 4.1 RE 1 of IEC 62443-3-3
Note: This is in accordance with both IEC/TS 62443-1-1 Industrial communication

networks - Network and system security - Part 1-1: Terminology, concepts and models
and IEC 62280 Railway applications - Communication, signalling and processing
systems - Safety related communication in transmission systems.
The baseline cybersecurity system requirements for use of untrusted networks include the
following additional system requirements from IEC 62443-3-3 that shall be complied with:
• SR 3.1 RE 1 – Communication integrity – Cryptographic integrity protection
• SR 5.1 RE 2 – Network segmentation – Independence from non-control system networks
• SR 5.3 RE 1 – General purpose person-to-person communication restrictions – Prohibit all

general purpose person-to-person communication
Authorisation:
Technical content Checked and Endorsed by Interdisciplinary Authorised
prepared by approved by coordination for release
checked by
Signature
Date
Name James Piper James Piper Omer Saricilar Peter McGregor Andrea
Parker
Position A/Lead A/Lead A/Lead Signals A/Chief Engineer A/Executive
Telecommunications Telecommunications and Control Director
Engineer Engineer Systems
Engineer

T MU SY 10012 ST
Standard
Cybersecurity for IACS - Baseline

Technical Cybersecurity System
Requirements and
Countermeasures
Version 1.0
Issue date: 25 May 2018
Effective date: 01 July 2018
© State of NSW through Transport for NSW 2018

T MU SY 10012 ST
Cybersecurity for IACS - Baseline Technical Cybersecurity System Requirements and Countermeasures
Version 1.0
Important message
This document is one of a set of standards developed solely and specifically for use on
Transport Assets (as defined in the Asset Standards Authority Charter). It is not suitable for any
other purpose.
The copyright and any other intellectual property in this document will at all times remain the
property of the State of New South Wales (Transport for NSW).
You must not use or adapt this document or rely upon it in any way unless you are providing
products or services to a NSW Government agency and that agency has expressly authorised
you in writing to do so. If this document forms part of a contract with, or is a condition of
approval by a NSW Government agency, use of the document is subject to the terms of the
contract or approval. To be clear, the content of this document is not licensed under any
Creative Commons Licence.
This document may contain third party material. The inclusion of third party material is for
illustrative purposes only and does not represent an endorsement by NSW Government of any
third party product or service.
If you use this document or rely upon it without authorisation under these terms, the State of
New South Wales (including Transport for NSW) and its personnel does not accept any liability
to you or any other person for any loss, damage, costs and expenses that you or anyone else
may suffer or incur from your use and reliance on the content contained in this document. Users
should exercise their own skill and care in the use of the document.
This document may not be current and is uncontrolled when printed or downloaded. Standards
may be accessed from the Transport for NSW website at www.transport.nsw.gov.au
For queries regarding this document, please email the ASA at

standards@transport.nsw.gov.au or visit www.transport.nsw.gov.au
© State of NSW through Transport for NSW 2018

T MU SY 10012 ST
Version 1.0
Standard governance
Owner: Lead Telecommunications Engineer, Asset Standards Authority
Authoriser: Chief Engineer, Asset Standards Authority
Approver: Executive Director, Asset Standards Authority on behalf of the ASA Configuration Control
Board
Document history
Version Summary of changes
1.0 First issue.

T MU SY 10012 ST
Version 1.0
Preface
The Asset Standards Authority (ASA) is a key strategic branch of Transport for NSW (TfNSW).
As the network design and standards authority for NSW Transport Assets, as specified in the
ASA Charter, the ASA identifies, selects, develops, publishes, maintains and controls a suite of
requirements documents on behalf of TfNSW, the asset owner.
The ASA deploys TfNSW requirements for asset and safety assurance by creating and
managing TfNSW's governance models, documents and processes. To achieve this, the ASA
focuses on four primary tasks:
• publishing and managing TfNSW's process and requirements documents including TfNSW
plans, standards, manuals and guides
• deploying TfNSW's Authorised Engineering Organisation (AEO) framework
• continuously improving TfNSW’s Asset Management Framework
• collaborating with the Transport cluster and industry through open engagement
The AEO framework authorises engineering organisations to supply and provide asset related
products and services to TfNSW. It works to assure the safety, quality and fitness for purpose of
those products and services over the asset's whole-of-life. AEOs are expected to demonstrate
how they have applied the requirements of ASA documents, including TfNSW plans, standards
and guides, when delivering assets and related services for TfNSW.
Compliance with ASA requirements by itself is not sufficient to ensure satisfactory outcomes for
NSW Transport Assets. The ASA expects that professional judgement be used by competent
personnel when using ASA requirements to produce those outcomes.
About this document

This document forms part of a series of cybersecurity for industrial automation and control
systems (IACS) standards.
This document covers cyber risk management for IACS within the TfNSW Transport Network
across the asset life cycle.
This document has been prepared by the ASA in consultation with TfNSW agencies and
industry representatives.
This document has been informed by concepts contained in IEC TS 62443-1-1 Industrial
communication networks - Network and system security - Part 1-1: Terminology, concepts and
models and includes extracts from that standard.
The ASA thanks the International Electrotechnical Commission (IEC) for permission to
reproduce information from its international standards. All such extracts are copyright of IEC,
Geneva, Switzerland. All rights reserved.

T MU SY 10012 ST
Version 1.0
Further information on the IEC is available from www.iec.ch.
IEC has no responsibility for the placement and context in which the extracts and contents are
reproduced by the author, nor is IEC in any way responsible for the other content or accuracy
therein.
This standard is a first issue.

T MU SY 10012 ST
Version 1.0
Table of contents
1. Introduction .............................................................................................................................................. 7
2. Purpose .................................................................................................................................................... 7
2.1. Scope ..................................................................................................................................................... 7
2.2. Application ............................................................................................................................................. 8
3. Reference documents ............................................................................................................................. 8
4. Terms and definitions ............................................................................................................................. 9
5. Baseline cybersecurity system requirements .................................................................................... 11
5.1. System requirements for use of portable and mobile devices ............................................................. 12
5.2. System requirements for use of networks ........................................................................................... 13
5.3. System requirements for use of products ............................................................................................ 13
6. Baseline cybersecurity countermeasures .......................................................................................... 15

T MU SY 10012 ST
Version 1.0
1. Introduction
Australia’s cyber security strategy sets out the Australian Government program for strong cyber
defences; seeking to raise the bar on cybersecurity performance.
It states that “while detecting and responding to cyber intrusions is important, even more
important is to harden our networks and systems and make them less vulnerable to intrusions”.
Standardised baseline cybersecurity countermeasures are necessary to protect against casual

and coincidental violations and intentional violation using simple means.
2. Purpose
This document standardises the application of mandatory baseline cybersecurity
countermeasures that protect against casual and coincidental violations and intentional violation
using simple means.
Note: Compliance with the mandatory baseline requirements alone may not ensure
that the security objectives of TfNSW are achieved. T MU SY 10013 PR Cybersecurity
for IACS – Cybersecurity Risk Management Procedure defines the procedure for
managing cybersecurity risk. This procedure is suitable for industrial automation and
control systems (IACS) and has been tailored for TfNSW.
This document defines the baseline cybersecurity system requirements that align with
IEC 62443-3-3 Industrial communication networks - Network and system security - Part 3-3:
System security requirements and security levels.
This document requires technical cybersecurity countermeasures be implemented that meet the
baseline system requirements and realise security level capabilities in accordance with the
corresponding controls from the Australian Government Information Security Manual (ISM) and
Australian Government Protective Security Policy Framework (PSPF).
Note: NSW public sector agencies, including TfNSW, are not required to directly
comply with the Australian Government ISM or PSPF. However, TfNSW has
proactively aligned to the ISM and PSPF in the areas of information and physical
security. Aligning to this approach for the cybersecurity of IACS achieves consistency
across TfNSW and nationally with the Australian Government.
2.1. Scope
This document addresses technical cybersecurity system requirements, capabilities and
countermeasures.
This document does not address policies and procedures.

T MU SY 10012 ST
Version 1.0
Note: The asset owner is responsible for defining policies and procedures for the
operation and maintenance of an IACS. Policies and procedures are addressed in
IEC 62443-2-1 Industrial communication networks - Network and system security -
Part 2-1: Establishing an industrial automation and control system security program.
2.2. Application
This document applies to asset owners, system integrators and product suppliers.
This document applies to the plan stage and acquire stage of the asset life cycle.
This document applies to new subsystems or products integrated into an existing ‘automation
solution’ as part of a configuration change.
The asset owner may direct the retrospective application of this document to an existing
automation solution.
This document shall be read in conjunction with the Cybersecurity for IACS series of standards
and IEC 62443 series of standards.
3. Reference documents
The following documents are cited in the text. For dated references, only the cited edition
applies. For undated references, the latest edition of the referenced document applies.
International standards
IEC 62280 Railway applications - Communication, signalling and processing systems - Safety
related communication in transmission systems
IEC/TS 62443-1-1 Industrial communication networks - Network and system security - Part 1-1:
Terminology, concepts and models
Establishing an industrial automation and control system security program
IEC 62443-2-4 Security for industrial automation and control systems – Part 2-4: Security
program requirements for IACS service providers
System security requirements and security levels
Transport for NSW standards
T MU AM 04001 PL TfNSW Configuration Management Plan
T MU SY 10010 ST Cybersecurity for IACS - Series Overview
T MU SY 10013 PR Cybersecurity for Industrial Automation and Control Systems –

Cybersecurity Risk Management Procedure

T MU SY 10012 ST
Version 1.0
T MU TE 61007 ST Time Synchronisation of Industrial Automation and Control Systems
Other reference documents
Australian Signals Directorate, Strategies to Mitigate Cyber Security Incidents
Commonwealth of Australia, Attorney-General's Department 2014, Protective Security Policy

Framework
Commonwealth of Australia, Department of the Prime Minister and Cabinet 2016, Australia’s
Cyber Security Strategy
Commonwealth of Australia, Department of Defence 2016, Information Security Manual
FIRST Common Vulnerability Scoring System
MITRE Corporation 2017, Common Vulnerabilities and Exposures (CVE®)
Senate of the United States Bill S.1691 — 115th Congress (2017-2018) Internet of Things (IoT)
Cybersecurity Improvement Act of 2017
4. Terms and definitions

The following terms and definitions apply in this document:
AEO authorised engineering organisation
ASA Asset Standards Authority
asset owner individual or company responsible for one or more IACS (IEC 62443-3-3 ed.1.0)
authenticate verify the identity of a user, user device, or other entity, or the integrity of data
stored, transmitted, or otherwise exposed to unauthorized modification in an information
system, or to establish the validity of a transmission (IEC/TS 62443-1-1 ed.1.0)
automation solution control system and any complementary hardware and software
components that have been installed and configured to operate in an IACS (IEC 62443-2-4
ed.1.0)
communication channel specific logical or physical communication link between assets (IEC
62443-3-3 ed.1.0)
conduit logical grouping of communication channels, connecting two or more zones, that share
common security requirements (IEC 62443-3-3 ed.1.0)
CM configuration management
countermeasure action, device, procedure, or technique that reduces a threat, a vulnerability,

or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by
discovering and reporting it so that corrective action can be taken (IEC/TS 62443-1-1 ed.1.0)

T MU SY 10012 ST
Version 1.0
cryptographic algorithm algorithm based upon the science of cryptography, including

encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key
agreement algorithms (IEC/TS 62443-1-1 ed.1.0)
cybersecurity actions required to preclude unauthorized use of, denial of service to,
modifications to, disclosure of, loss of revenue from, or destruction of critical systems or
informational assets (IEC/TS 62443-1-1 ed.1.0)
encryption cryptographic transformation of plaintext into ciphertext that conceals the data’s
original meaning to prevent it from being known or used (IEC/TS 62443-1-1 ed.1.0)
enterprise system collection of information technology elements (i.e., hardware, software and
services) installed with the intent to facilitate an organization’s business process or processes
(administrative or project) (IEC/TS 62443-1-1 ed.1.0)
hardcoded credential a value, such as a password, token, private or shared cryptographic key
used for authentication, that is -
• established by a manufacturer or supplier; and
• incapable of being modified or revoked by the user
IACS industrial automation and control systems; collection of personnel, hardware, and
software that can affect or influence the safe, secure, and reliable operation of an industrial
process (IEC/TS 62443-1-1 ed.1.0)
ISM information security manual
product supplier manufacturer of hardware and/or software product (IEC 62443-3-3 ed.1.0)
PSPF protective security policy framework
RE requirement enhancement
risk expectation of loss expressed as the probability that a particular threat will exploit a
particular vulnerability with a particular consequence (IEC/TS 62443-1-1 ed.1.0)
SL security level; level corresponding to the required effectiveness of countermeasures and

inherent security properties of devices and systems for a zone or conduit based on assessment
of risk for the zone or conduit (IEC/TS 62443-1-1 ed.1.0)
security zone grouping of logical or physical assets that share common security requirements
(IEC/TS 62443-1-1 ed.1.0)
service provider organization (internal or external organization, manufacturer, etc.) that has
agreed to undertake responsibility for providing a given support service and obtaining, when
specified, supplies in accordance with an agreement (IEC 62443-3-3 ed.1.0)
SuC system under consideration

T MU SY 10012 ST
Version 1.0
system integrator person or company that specializes in bringing together component

subsystems into a whole and ensuring that those subsystems perform in accordance with
project specifications (IEC 62443-3-3 ed.1.0)
TfNSW Transport for NSW
trust confidence that an operation, data transaction source, network or software process can be
relied upon to behave as expected (IEC 62443-3-3 ed.1.0)
untrusted not meeting predefined requirements to be trusted (IEC 62443-3-3 ed.1.0)
All definitions from IEC/TS 62443-1-1 ed.1.0 are Copyright © 2009 IEC Geneva,
Switzerland. www.iec.ch
All definitions from IEC 62443-2-4 ed.1.0 are Copyright © 2017 IEC Geneva,
All definitions from IEC 62443-3-3 ed.1.0 are Copyright © 2013 IEC Geneva,
5. Baseline cybersecurity system requirements

As defined in T MU AM 04001 PL TfNSW Configuration Management Plan, system
requirements are developed in the plan stage of the asset life cycle and submitted to
configuration management (CM) gate 1 unless a tailored application has been approved.
The system requirements specification shall incorporate the baseline cybersecurity system
requirements and this shall be demonstrated in the CM gates submissions.
The automation solution shall comply with the baseline cybersecurity system requirements and
all additional cybersecurity system requirements determined following the application of
T MU SY 10013 PR.
The baseline cybersecurity system requirements include all security level 2 (SL2) capabilities in
System security requirements and security levels.
Notes:
1. The baseline cybersecurity system requirements are comprised of capabilities from

SL2, and specific additional capabilities from SL3 and SL4, where necessary to treat
identified risks in the standard risk register and to accommodate changes in the threat
environment and the organisational risk tolerance and security objectives over the
time.
2. The baseline cybersecurity system requirements have been cross-checked against

the Australian Signals Directorate Strategies to Mitigate Cyber Security Incidents and
address all the essential eight.

T MU SY 10012 ST
Version 1.0
System requirements are expressed in IEC 62443-3-3 as technical security capabilities, which
shall be implemented as technical countermeasures.
5.1. System requirements for use of portable and mobile

devices
Portable and mobile devices may be considered trusted if all of the following conditions are
satisfied:
• they are dedicated to the IACS system under consideration (SuC) and not shared with
other systems, including enterprise systems, IACS, or external service provider systems
• they are operated and maintained in accordance with IACS SuC policies and procedures
Notes:
1. An IACS SuC can comprise multiple subsystems integrated into a single

‘automation solution’.
2. Portable and mobile devices may use untrusted networks, if trust of the
communication channel is established – see Section 5.2.
Trusted portable and mobile devices may be used to operate or maintain devices within an
IACS.
Untrusted portable and mobile devices shall not be physically or logically connected to the IACS
SuC.
The baseline cybersecurity system requirements for trusted portable and mobile devices include
the following additional system requirements from IEC 62443-3-3 that shall be complied with:
• SR 1.1 RE 3 – Human user identification and authentication – Multifactor authentication for

all networks
• SR 1.2 RE 1 – Software process and device identification and authentication – Unique

identification and authentication
• SR 2.3 RE 1 – Use control for portable and mobile devices – Enforcement of security
status of portable and mobile devices


T MU SY 10012 ST
Version 1.0
5.2. System requirements for use of networks

Both trusted and untrusted networks may be used as conduits within an IACS.
Networks may be considered trusted if all of the following conditions are satisfied:
• all communication assets comprising the network are dedicated to the IACS SuC and not
shared with other systems, including enterprise systems, IACS, or external service provider
systems
• they are operated and maintained in accordance with IACS SuC policies and procedures
• they are wholly within a single physical security zone, that is, they do not cross a physical
security zone boundary
Trusted communication channels shall be established using the following:
• trusted networks
• untrusted networks only if cryptographic algorithms provide mutual authentication and

encryption – see SR 3.1 RE 1 and SR 4.1 RE 1 of IEC 62443-3-3
Note: This is in accordance with both IEC/TS 62443-1-1 Industrial communication

networks - Network and system security - Part 1-1: Terminology, concepts and models
and IEC 62280 Railway applications - Communication, signalling and processing
systems - Safety related communication in transmission systems.
The baseline cybersecurity system requirements for use of untrusted networks include the
following additional system requirements from IEC 62443-3-3 that shall be complied with:
• SR 3.1 RE 1 – Communication integrity – Cryptographic integrity protection
• SR 5.1 RE 2 – Network segmentation – Independence from non-control system networks

5.3. System requirements for use of products

Integrating an ‘automation solution’ from product that does not have basic security capabilities
exposes the solution to unknown future risks. Placing basic security capability requirements
onto the product suppliers cost effectively addresses risk early in the product development
cycle.
Implicitly, the asset owner places trust in the product supplier that the product hardware and
software components are as designed. However the supply chain itself is deemed untrusted
and so trust of the delivered hardware and software components shall be established.

T MU SY 10012 ST
Version 1.0
Notes:
1. The requirements in this section have been adapted from the Senate of the United
States Bill S.1691 — 115th Congress (2017-2018) Internet of Things (IoT)
Cybersecurity Improvement Act of 2017.
2. As part of the IEC 62443 series, the IEC are developing standards for secure
product development. These standards will be reviewed for adoption and tailored
conformance for TfNSW following publication.
The system integrator shall obtain written certification from product suppliers that all proposed
devices meet the following:
• do not contain any hardware or software component with any unremediated security
vulnerabilities known to the manufacturer or supplier, or published on any publically
accessible vulnerability database such as MITRE Common Vulnerabilities and Exposures
(CVE®)
• rely on software components capable of accepting cryptographically authenticated software

updates only from the authorised supplier
• do not include any hardcoded credentials
The system integrator shall obtain the following written information from product suppliers that
describe for all proposed devices:
• how the device receives, authenticates and applies security updates
• anticipated timeline for ending security support
If the product supplier becomes aware of any security vulnerability during security support, they
shall do the following:
• notify the asset owner, operator and maintainer of the security vulnerability within five
business days
• notify CERT Australia of the security vulnerability within five business days for restricted
information sharing amongst partner organisations
• provide a software update to remediate the security vulnerability as soon as practicable if it

has a FIRST Common Vulnerability Scoring System (CVSS) version 3 severity of medium,
high or critical, or alternatively, repairing or replacing the device

T MU SY 10012 ST
Version 1.0
6. Baseline cybersecurity countermeasures

As defined in T MU AM 04001 PL TfNSW Configuration Management Plan, preliminary design
and detailed design are developed in the acquire stage of the asset life cycle and submitted to
CM gate 2 and gate 3 unless a tailored application has been approved.
Preliminary design and detailed design shall incorporate the baseline cybersecurity
countermeasures and this shall be demonstrated in the CM gates submissions.
Transport standards contain requirements for technical cybersecurity countermeasures that may
address the baseline cybersecurity system requirements.
For example, T MU TE 61007 ST Time Synchronisation of Industrial Automation and

Control Systems contains specific requirements for countermeasures that meet
SR 2.11, SR 2.11 RE 1 and SR 2.11 RE 2.
Where technical cybersecurity countermeasures are not stated in Transport standards, they
shall be developed in accordance with the Australian Government Information Security Manual
(ISM) and Australian Government Protective Security Policy Framework (PSPF).
ISM controls applicable to unclassified information, indicated by 'UD' may be applied to IACS.
ISM controls applicable to security classified information, indicated by 'P', 'C', 'S' or 'TS', do not
apply to IACS.
Configuration information held with asset and configuration management databases shall be
sourced to programmatically configure applicable technical countermeasures.
For example, information sourced from the configuration management system is

programmatically used to generate traffic specifications and gateway firewall rules.

Technical Note - TN 021: 2019: Subject: Clarification To Trust of Networks

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Technical Note - TN 021: 2019: Subject: Clarification To Trust of Networks

Uploaded by

Copyright:

Available Formats

Technical Note – TN 021: 2019

For queries regarding this document

Technical Note – TN 021: 2019

Effective date: 13 December 2019

Subject: Clarification to trust of networks

• specific defences against threats to safety-related messages

• general defences against IT cybersecurity threats

• decreasing cost of high-performance computing

• increasing ease of launching attacks

• growing knowledge of safety-related systems and vulnerabilities

© State of NSW through Transport for NSW 2019 Page 1 of 3

1. Section 5.2 System requirements for use of

Otherwise all networks shall be considered untrusted.

An access protection layer shall be provided if safety-related equipment is not designed to

Safety Safety Safety

Trusted Wired LAN Trusted Wired LAN

Figure 1 - Access protection layer over an untrusted network

© State of NSW through Transport for NSW 2019 Page 2 of 3

Trusted communication channels shall be established using the following:

• untrusted networks only if cryptographic algorithms provide mutual authentication and

Note: This is in accordance with both IEC/TS 62443-1-1 Industrial communication

• SR 3.1 RE 1 – Communication integrity – Cryptographic integrity protection

• SR 5.1 RE 2 – Network segmentation – Independence from non-control system networks

• SR 5.3 RE 1 – General purpose person-to-person communication restrictions – Prohibit all

© State of NSW through Transport for NSW 2019 Page 3 of 3

Cybersecurity for IACS - Baseline

© State of NSW through Transport for NSW 2018

For queries regarding this document, please email the ASA at

© State of NSW through Transport for NSW 2018

© State of NSW through Transport for NSW 2018 Page 3 of 15

• deploying TfNSW's Authorised Engineering Organisation (AEO) framework

• continuously improving TfNSW’s Asset Management Framework

About this document

© State of NSW through Transport for NSW 2018 Page 4 of 15

Further information on the IEC is available from www.iec.ch.

This standard is a first issue.

© State of NSW through Transport for NSW 2018 Page 5 of 15

© State of NSW through Transport for NSW 2018 Page 6 of 15

Standardised baseline cybersecurity countermeasures are necessary to protect against casual

This document does not address policies and procedures.

© State of NSW through Transport for NSW 2018 Page 7 of 15

Transport for NSW standards

T MU AM 04001 PL TfNSW Configuration Management Plan

T MU SY 10010 ST Cybersecurity for IACS - Series Overview

T MU SY 10013 PR Cybersecurity for Industrial Automation and Control Systems –

© State of NSW through Transport for NSW 2018 Page 8 of 15

T MU TE 61007 ST Time Synchronisation of Industrial Automation and Control Systems

Other reference documents

Australian Signals Directorate, Strategies to Mitigate Cyber Security Incidents

Commonwealth of Australia, Attorney-General's Department 2014, Protective Security Policy

Commonwealth of Australia, Department of Defence 2016, Information Security Manual

FIRST Common Vulnerability Scoring System

MITRE Corporation 2017, Common Vulnerabilities and Exposures (CVE®)

4. Terms and definitions

AEO authorised engineering organisation

ASA Asset Standards Authority

countermeasure action, device, procedure, or technique that reduces a threat, a vulnerability,

© State of NSW through Transport for NSW 2018 Page 9 of 15

cryptographic algorithm algorithm based upon the science of cryptography, including

• established by a manufacturer or supplier; and

• incapable of being modified or revoked by the user

ISM information security manual

PSPF protective security policy framework