<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">vestnikvniizht</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Научно-исследовательского института железнодорожного транспорта (ВЕСТНИК ВНИИЖТ)</journal-title><trans-title-group xml:lang="en"><trans-title>RUSSIAN RAILWAY SCIENCE JOURNAL</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2223-9731</issn><issn pub-type="epub">2713-2560</issn><publisher><publisher-name>Joint Stock Company "Railway Research Institute"</publisher-name></publisher></journal-meta><article-meta><article-id custom-type="elpub" pub-id-type="custom">vestnikvniizht-61</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Другое</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>Miscellaneous</subject></subj-group></article-categories><title-group><article-title>Международная кибербезопасность на железнодорожном транспорте: методологические подходы и нормативная методическая база</article-title><trans-title-group xml:lang="en"><trans-title>International Cybersecurity on Railway Transport: Methodological Approaches and Normal Procedural Framework</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ададуров</surname><given-names>С. Е.</given-names></name><name name-style="western" xml:lang="en"><surname>Adadurov</surname><given-names>S. E.</given-names></name></name-alternatives><email xlink:type="simple">czi_mpc@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Диасамидзе</surname><given-names>С. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Diasamidze</surname><given-names>S. V.</given-names></name></name-alternatives><email xlink:type="simple">sv.diass99@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Корниенко</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Kornienko</surname><given-names>A. A.</given-names></name></name-alternatives><email xlink:type="simple">kaa.pgups@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Сидак</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Sidak</surname><given-names>A. A.</given-names></name></name-alternatives><email xlink:type="simple">sidak@cbi-info.ru</email><xref ref-type="aff" rid="aff-3"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>АО «Росжелдорпроект»</institution><country>Россия</country></aff><aff xml:lang="en"><institution>JSC “Roszheldorproekt”</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Петербургский государственный университет путей сообщения (ПГУПС)</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Petersburg State Transport University (PGUPS)</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-3"><aff xml:lang="ru"><institution>ООО «Центр безопасности информации»</institution><country>Россия</country></aff><aff xml:lang="en"><institution>LLC “Information Security Center”</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2015</year></pub-date><pub-date pub-type="epub"><day>28</day><month>12</month><year>2015</year></pub-date><volume>0</volume><issue>6</issue><fpage>9</fpage><lpage>15</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Ададуров С.Е., Диасамидзе С.В., Корниенко А.А., Сидак А.А., 2015</copyright-statement><copyright-year>2015</copyright-year><copyright-holder xml:lang="ru">Ададуров С.Е., Диасамидзе С.В., Корниенко А.А., Сидак А.А.</copyright-holder><copyright-holder xml:lang="en">Adadurov S.E., Diasamidze S.V., Kornienko A.A., Sidak A.A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.journal-vniizht.ru/jour/article/view/61">https://www.journal-vniizht.ru/jour/article/view/61</self-uri><abstract><p>Представлены методологические подходы и практические направления международного сотрудничества в области информационной безопасности и кибербезопасности на железных дорогах, одобренные созданной в рамках программы COLPOFER рабочей группой «Кибербезопасность на железнодорожном транспорте». Проанализированы основные факторы и предпосылки необходимости защиты информационной инфраструктуры железнодорожного транспорта от компьютерных атак. Рассмотрен понятийный аппарат кибербезопасности. Изложены основные положения нормативных методических документов, разрабатываемых международной рабочей группой «Кибербезопасность на железнодорожном транспорте». Охарактеризованы объекты информационной инфраструктуры железнодорожного транспорта с точки зрения подверженности их компьютерным атакам и выделены наиболее уязвимые элементы. Приведена классификация типов компьютерных атак и способы их реализации. Рассмотрены основные организационные и технические меры защиты объектов информационной инфраструктуры железнодорожного транспорта от компьютерных атак.</p></abstract><trans-abstract xml:lang="en"><p>The paper deals with methodological approaches and practical venues of international cooperation in the areas of information security and cybersecurity on railway transport. The approaches were adopted by the workshop “Cybersecurity on Railway Transport” established within the framework of the COLOPOFER program. There are analyzed main factors and prerequisites governing the necessity of hacking countermeasures on the part of railway IT infrastructure. Also discussed are cybersecurity related definitions. There are presented principal provisions of normative techniques being developed by the international workshop “Cybersecurity on Railway Transport”. Basic IT information infrastructure objects of railway transport are characterized with respect to their hacking susceptibility and their most vulnerable components are highlighted. There is presented classification of the types of computer attacks and their implementation me-dia. Also discussed are organizational and routine hacking countermeasures to be taken in the railway IT infrastructure environment.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>кибербезопасность</kwd><kwd>информационная безопасность</kwd><kwd>компьютерная атака</kwd><kwd>защита информационной инфраструктуры</kwd></kwd-group><kwd-group xml:lang="en"><kwd>cybersecurity</kwd><kwd>information security</kwd><kwd>computer attack</kwd><kwd>IT infrastructure protection</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Ададуров С. Е., Глухов А. П., Корниенко А. А. Информационная безопасность и защита информации на железнодорожном транспорте. Ч. 1: Методология и система обеспечения информационной безопасности на железнодорожном транспорте. М.: Учебно-методический центр по образованию на железнодорожном транспорте, 2014. 439 с.</mixed-citation><mixed-citation xml:lang="en">Adadurov S. E., Glukhov A. P., Kornienko A. A. Informatsionnaya bezopasnost’ i zashchita  informatsii na zheleznodorozhnom transporte. Ch. 1: Metodologiya i sistema obespecheniya  informatsionnoy bezopasnosti na zheleznodorozhnom transporte [Information security and protection  of information on railway transport. Pt. 1: The methodology and the system of information security  in railway transport]. Moscow, Educational and Training Center in Railway Transport Publ., 2014. 439 p.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">NIST Computer Security Resource Clearinghouse. URL: http://csrc.nist.gov</mixed-citation><mixed-citation xml:lang="en">NIST Computer Security Resource Clearinghouse. Available at: http://csrc.nist.gov.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Р. Ludlow. What is a ‘Hacktivist’? // The New York Times, January 13, 2013. URL: http://opinionator.blogs.nytimes.com/2013/01/13/what-is-a-hacktivist/</mixed-citation><mixed-citation xml:lang="en">Ludlow P. What is a “Hacktivist”? The New York Times, January 13, 2013. Available at:  http://opinionator.blogs.nytimes.com/2013/01/13/what-is-a-hacktivist/.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">E. Mills. Report: Countries prepping for cyberwar // November 17, 2009. URL: http://www.cnet.com/news/report-countries-prepping-for-cyberwar/</mixed-citation><mixed-citation xml:lang="en">Mills E. Report: Countries prepping for cyberwar. CNET, November 17, 2009. Available at:  http://www.cnet.com/news/reportcountries-prepping-for-cyberwar/</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Блехшмидт П. НАТО готовится к ведению компьютерных войн // Süddeutsche Zeitung, 2010. 5 октября. URL: http://inosmi.ru/europe/20101005/163386175-print.html</mixed-citation><mixed-citation xml:lang="en">Blechschmidt P. NATO is preparing to conduct computer wars. Süddeutsche Zeitung, October 5,  2010. Available at: http://inosmi.ru/europe/20101005/163386175‑print. html. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Singer, P. W. &amp; Friedman, A. Cybersecurity and cyberwar: what everyone needs to know. New York, NY: Oxford University Press, 2014. viii, 306 p. ISBN 978-0-19-991811-9.</mixed-citation><mixed-citation xml:lang="en">Singer P. W., Friedman A. Cybersecurity and cyberwar: What everyone needs to know. New York, OUP Publ., 2014. 306 p.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Лукацкий А. Безопасность критических инфраструктур. Международные аспекты. URL: http://lukatsky.blogspot.ru/2013/09/blog-post_26.html</mixed-citation><mixed-citation xml:lang="en">Lukatskiy A. Security of critical infrastructures: International experience. September 26,  2013. Available at: http://lukatsky.blogspot.ru/2013/09/blog-post_26. html. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27032:2012 Information technology - Security techniques - Guidelines for cybersecurity. URL: https://www.iso.org/obp/ui/#iso:std:iso-iec:27032: ed-1:v1:en</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27032:2012 Information technology — Security techniques — Guidelines for cybersecurity.  Available at: https://www.iso.org/obp/ui/#iso: std: iso-iec:27032: ed-1: v1: en.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Высокие технологии в США: Опыт министерства обороны и других ведомств / Д. О. Рогозин [и др.]. М.: Издательство Московского университета, 2013. 384 с.</mixed-citation><mixed-citation xml:lang="en">Rogozin D. O., Sheremet I. A., Garbuk S. V., Gubinskiy A. M. Vysokie tekhnologii v SShA: Opyt  ministerstva oborony i drugikh vedomstv [High-Tech in the USA: Experience of the Ministry of  Defense and other agencies]. Moscow, MSU Publ., 2013. 384 p.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Recommendation ITU-T X.1205 (Международный Союз Электросвязи). URL: http://handle.itu.int/11.1002/1000/9136</mixed-citation><mixed-citation xml:lang="en">Recommendation ITU-T X. 1205. International Telecommunication Union. Available at: http://handle.itu.int/11.1002/1000/9136.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">ГОСТ Р ИСО/МЭК ТО 18044 - 2007. Информационная технология. Методы и средства обеспечения безопасности. Менеджмент инцидентов информационной безопасности. URL: http://standartgost.ru/g/ГОСТ_Р_ИСО/МЭК_ТО_18044-2007</mixed-citation><mixed-citation xml:lang="en">GOST R ISO/MEK TO 18044 – 2007. Information technology. Methods and means of ensuring safety.  Management of information security incidents. Available at: http://standartgost.ru/g/ГОСТ_Р_ИСО/МЭК_ТО_18044-2007. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Основные направления государственной политики в области обеспечения безопасности автоматизированных систем управления производственными и технологическими процессами критически важных объектов инфраструктуры Российской Федерации: утв. Президентом РФ 03.02.2012 № 803. URL: http://www.scrf.gov.ru/documents/6/113.html</mixed-citation><mixed-citation xml:lang="en">The main directions of the state policy in the field of security of automated control systems  of production and technological processes of critical infrastructure of the Russian Federation.  Approved by the President of the Russian Federation on February 03, 2012 № 803. Available at:  http://www.scrf.gov.ru/documents/6/113.html. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Указ Президента РФ «О создании государственной системы обнаружения, предупреждения и ликвидации последствий компьютерных атак на информационные ресурсы Российской Федерации» от 15.01.2013 №31с. URL: http://www.rg.ru/2013/01/18/komp-ataki-site-dok.html</mixed-citation><mixed-citation xml:lang="en">Presidential Decree “On establishment of the state system of detection, prevention and  elimination of consequences of cyber attacks on information resources of the Russian Federation”  dated January 15, 2013 № 31s. Rossiyskaya gazeta, January 18, 2013. Available at: http://www.rg.ru/2013/01/18/komp-ataki-site-dok.html. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Приказ ФСТЭК России «Об утверждении Требований о защите информации, не составляющей государственную тайну, содержащейся в государственных информационных системах» от 11.02.2013 № 17. URL: http://www.rg.ru/2013/06/26/gostajna-dok.html</mixed-citation><mixed-citation xml:lang="en">Order of the Federal Service for Technical and Export Control of Russia “On approval of the  Requirements for the protection of information of no state secret contained in the state  information systems” of February 11, 2013 № 17. Rossiyskaya gazeta, June 26, 2013, no. 6112.  Available at: http://www.rg.ru/2013/06/26/gostajna-dok. html. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Приказ ФСТЭК России «Об утверждении Требований к обеспечению защиты информации в автоматизированных системах управления производственными и технологическими процессами на критически важных объектах, потенциально опасных объектах, а также объектах, представляющих повышенную опасность для жизни и здоровья людей и для окружающей природной среды» от 14.03.2014 № 31. URL: http://www.rg.ru/2014/08/06/fstek-dok.html</mixed-citation><mixed-citation xml:lang="en">Order of the Federal Service for Technical and Export Control  of Russia “On approval of  requirements to ensure the protection of information in automated control systems of production and technological processes on critical facilities, potentially hazardous objects as well as  objects representing the increased danger to life and health and to the environment” of March 14, 2014. Rossiyskaya gazeta, August 6, 2014, no. 6447. Available at: http://www.rg.ru/2014/08/06/fstek-dok. html. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">ISA/IEC 62443 Industrial Automation and Control Systems Security. URL: https://www.tofinosecurity.com/resources/topics/isaiec-62443</mixed-citation><mixed-citation xml:lang="en">ISA/IEC 62443. Industrial automation and control systems security. Available at:  https://www.tofinosecurity.com/resources/topics/isaiec-62443</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
