Cybersecurity for secure train operation

Cybersecurity and IT security for trains and rolling stock

Transportation companies need trains with state-of-the-art IT systems in order to provide passengers with attractive transport services. Increasing digitalization permits more efficient rail service and optimized maintenance. However, this also leads to greater exposure to cyberattacks. Railway operators, vehicle manufacturers and their suppliers must work together to confront this risk. In its vehicles, Siemens Mobility guarantees the highest level of cybersecurity throughout their entire lifecycle thanks to a secure system design and comprehensive IT security services – for regional and high-speed trains, metros, trams, and commuter rail lines, as well as passenger trains and locomotives.

Our experts are happy to advise you:

Contact us

Secure operations in the digital age

Attractive, modern rail services are possible only when trains are equipped with powerful IT systems that connect to the operators’ wayside infrastructure. Therefore, both train-side and wayside IT systems must be protected against attacks with holistic security concepts. This is why governments are also attaching ever greater importance to cybersecurity. Operators, manufacturers, and suppliers are facing a growing number of regulatory challenges.
 

When it comes to cybersecurity, transportation companies have a strong partner in Siemens Mobility. We bring expertise, efficient workflows, and practical experience to cybersecurity for rolling stock based on over 100 customer projects. Siemens Mobility offers you secure solutions from a single source.

Expertise

Cybersecurity – a job for experts

Because attackers are constantly refining their methods, Siemens Mobility supports its customers throughout the entire lifecycle of their vehicles with advice based on comprehensive expertise and extensive practical experience.
As our vehicles become increasingly digitalized, we consider cybersecurity to be as integral a part of rail vehicles as driving and braking. Our IEC-62443 certification ensures that our customers are optimally protected against cyber attacks.
Albrecht Neumann, CEO Rolling Stock, Siemens Mobility

Certificate from TÜV SÜD for proven IT security

As early as 2014, Siemens Mobility established processes for cybersecurity in the rolling stock business as part of the Siemens AG-wide “Product and Solution Security” (PSS) initiative. These processes have since been proven in operation multiple times and were certified by TÜV SÜD in 2019 according to the standard rules for IT security (IEC 62443-2-4, IEC 62443-3-3, and 2021 IEC 62443 4-1). This comprehensive approach to IT security encompasses the entire supply chain and guarantees the high quality of the cybersecurity solutions offered thanks to certified experts from Siemens Mobility and the global network of Siemens AG.

Cybersecurity for rolling stock throughout the entire lifecycle

Cybersecurity for the procurement phase

  • Consulting services for implementing legislative and regulatory standards
  •  Determination of operational environmental conditions
    – Inventory
    – Protection requirement analysis
    – Higher-level risk analysis
  • Support for establishing customer’s cybersecurity operating concept
  • Derivation of requirements placed on the various stakeholders
  • Use of certified design processes (engineering/development)
  • Derivation of a security architecture from the operating concept
  • Use of proven security architectures (certified blueprints)
  • Use of standard modules for improving IT security
  • Use of IT secure products

Cybersecurity for the manufacturing phase

  • Secure software development process according to IEC 62443 4-1 and, as integrator, IEC 62443 2-4
  • Detailed threat and risk analysis (TRA)
  • Secure supply chains through secure supplier selection
  • All personnel trained in cybersecurity aspects, and all relevant tools vetted for cybersecurity
  • Start of security vulnerability management (SVM) already in the design phase
  • Penetration tests during the verification and validation phase
  • Risk analysis of test results
  • Definition of hardening measures
  • Provision of guidelines for operators and service personnel
  • Conduct of external penetration tests if required
  • Completion of cybersecurity process during the manufacturing phase
  • Any remaining cybersecurity risks are known and can be added to customer’s risk management
  • Performance of additional activities for homogolation, if applicable
  • Performance of security vulnerability management (SVM)
  • Software maintenance contracts available

Cybersecurity for the operating phase

  • Support for all cybersecurity-related activities during operation:
    – Periodic update of risk analysis
    – Secure change management
    – Security vulnerability management (SVM)
    – Training, intrusion detection systems
    – Cybersecurity Operations Center
  • SVM and software maintenance to adapt vehicle security to state-of-the-art cybersecurity
  • Performance of security assessments and derivation of security concepts
  • Measures for secure system design (see information under Procurement)
  • Measures for secure manufacturing and installation (see information under Manufacturing)
  • Measures for secure rail operations (see information under Operation)
  • Secure recycling process (secure handling of credentials) when scrapping components or the entire vehicle
The components for cybersecurity

Cybersecurity – our answers for you

With a constantly shifting threat landscape, we can assume that the protection needs of rolling stock will change multiple times over its long lifecycle. This raises many questions – and Siemens Mobility has the answers.
Mobility Trend Section

Report a potential security issue

Do you have a cybersecurity-related question or would you like to report a potential security issue? Contact Siemens ProductCERT for all product, solution and service inquiries and Siemens CERT for all infrastructure-related matters.

Our cybersecurity solutions apply to all our rolling stock

Contact

How can we support the cybersecurity of your rolling stock?

Would you like to know more about Siemens Mobility’s cybersecurity concepts? Or would you simply like to learn more about us without obligation? We’re always ready to help. Just click the link below and fill out the contact form.

Contact us:

Contact form