Digitalisation changes operation and maintenance in railways. Emerging digital technologies facilitate implementation of enhanced eMaintenance solutions through utilisation of distributed computing and artificial intelligence. In railway, the digital technology deployment is expected to improve the railway system’s sustainability, availability, reliability, maintainability, capacity, safety, and security including cybersecurity. In digitalised railway, aspects of cybersecurity are essential in order to achieve overall system dependability. Lack of cybersecurity imposes negative impacts on the railways like reputational damage, heavy costs, service unavailability and risk to the safety of employees and passengers.

It has been observed, through open access data, that many railway organizations focus on detective measures of security threats with less emphasis on forecasting of cyber-attacks. In order to prepare in advance for cyberattacks, it is essential that Information and Communication Technology (ICT) and Operational Technology (OT) in railways need to undergo continuous updating towards security analytics approach. This approach will help the railways to produce proactive security measures to cyberattacks.

 In this work, it has been observed that there exists some standards and guidelines related to cybersecurity in railways (e.g. AS 7770- Rail Cyber Security, APTA SS-CCS-004-16, BS EN 50159:2010+A1:2020). These standards and guidelines are proprietary (i.e. either organization-specific or country-specific) and are followed by most of the railway organizations. These proprietary standards and guidelines lack in providing a holistic approach to enable interoperability, scalability, orchestration, adaptability, and agility for railway’s stakeholders. Therefore, there is a need for a generic cybersecurity framework for digitalized railways to facilitate proactive cybersecurity and threat intelligence sharing within the railways. 

The proposed framework, i.e., Cybersecurity Information Delivery Framework has been developed by integrating existing models, technologies, and standards to minimize the risks of cyber-attacks in the railways. The framework maps different layers of Open System Architecture for Condition-Based Maintenance (OSA-CBM) in the context of cybersecurity to deliver threat intelligence. The framework implements extended Cyber Kill Chain (CKC) and Industrial Control System (ICS) Kill Chain for detecting cyberattacks. The framework also incorporates proposed Railway Defender Kill Chain (RDKC) that enables proactive cybersecurity. Therefore, the proposed framework enables proactive cybersecurity and shares threat intelligence for improving cybersecurity in railways.