Recommended Practice

Securing Control and Communications Systems in Rail Transit Environments
Part II: Defining a Security Zone Architecture for Rail Transit and Protecting Critical Zones


This document covers recommended practices for securing control and communication systems in rail transit environments.

Document History
Document Number Version Publication Date Publication Related Information
APTA SS-CCS-RP-002-13 06/28/2013 Published Current


 communications based-train control (CBTC), control and communications security, cybersecurity, positive train control (PTC), radio, rail transit vehicle, SCADA (supervisory control and data acquisition), train control, signalling


This Recommended Practice is Part-II in a series of documents to be released. Part-I released in July 2010 addresses the importance of control and communications security to a transit agency, provides a survey of the various systems that constitute typical transit control and communication systems, identifies the steps that an agency would follow to set up a successful program, and establishes the stages in conducting a risk assessment and managing risk. Part-II presents Defense-In-Depth as a recommended approach for securing rail communications and control systems, defines security zone classifications, and defines a minimum set of security controls for the most critical zones, the, SAFETY CRITICAL SECURITY ZONE (SCSZ) and the FIRE, LIFE-SAFETY SECURITY ZONE (FLSZ). Later parts will cover recommended practices for less critical zones, the rail vehicles, and provide other guidance for a transit agency.

​Get Involved

Want to participate in development of this document? Join the Working Group or Learn More

Related Documents

​ ​​

Print Friendly, PDF & Email