The Compliance of ISO 27001 and NIST 2.0 Cybersecurity Management Framework in Railway System Assurance Project Monitoring: Case Study of Automatic Rail Transit (ART) System
摘要
This study examines the compliance of the ISO 27001 and NIST 2.0 Cybersecurity Management Framework in ensuring the security of the ART System. As urban rail systems increasingly integrate advanced technologies to enhance operational efficiency and passenger safety, they become vulnerable to emerging cybersecurity threats. The research focuses on assessing the current maturity levels of ART subsystems (Automated Platform Gates, Hydrogen Vehicle, Depot Equipment and Maintenance Vehicle, and Signaling and Control Systems) in line with ISO 27001 and NIST 2.0 guidelines. Through a combination of interviews and observational checklists, this study identifies the most common cybersecurity controls applied in the ART project, as well as the effectiveness of implemented security designs. The findings reveal significant gaps in cybersecurity maturity, particularly in the Hydrogen Vehicle subsystem, and suggest the need for enhanced cybersecurity measures, such as improved personnel training and optimized technological controls. This study contributes valuable insights for railway operators to improve their security frameworks, ensuring robust protection against cyber threats and achieving greater compliance with international standards. The results aim to inform future improvements in system resilience and operational security across the railway sector.