Cybersecurity for secure train operation

Cybersecurity and IT security for trains and rolling stock

Transportation companies need trains with state-of-the-art IT systems in order to provide passengers with attractive transport services. Increasing digitalization permits more efficient rail service and optimized maintenance. However, this also leads to greater exposure to cyberattacks. Railway operators, vehicle manufacturers and their suppliers must work together to confront this risk and increase security. In its vehicles, Siemens Mobility guarantees the highest level of train cybersecurity throughout their entire lifecycle thanks to a secure system design and comprehensive IT security services – for regional and high-speed trains, metros, trams, and commuter rail lines, as well as passenger trains and locomotives.

Our experts are happy to advise you about rolling stock cybersecurity:

Contact us

IT security and cybersecurity for rolling stock

Secure train operations in the digital age

Attractive, modern rail services are possible only when trains are equipped with powerful IT systems that connect to the operators’ wayside infrastructure. Therefore, both train-side and wayside IT systems must be protected against attacks with holistic security concepts. This is why governments are also attaching even greater importance to cybersecurity. Operators, manufacturers, and suppliers are facing a growing number of regulatory challenges.
 

When it comes to cybersecurity, transportation companies have a strong partner in Siemens Mobility. We bring expertise, efficient workflows, and practical experience to rolling stock cybersecurity for rolling stock based on over 100 customer projects. Siemens Mobility offers you control with secure solutions from a single source.

Expertise

Cybersecurity for rolling stock – a job for experts

Because attackers are constantly refining their methods, Siemens Mobility supports its customers throughout the entire lifecycle of their vehicles with advice based on comprehensive expertise and extensive practical experience in cybersecurity.
As our vehicles become increasingly digitalized, we consider cybersecurity to be as integral a part of rail vehicles as driving and braking. Our IEC-62443 certification ensures that our customers are optimally protected against cyber attacks.
Albrecht Neumann, CEO Rolling Stock, Siemens Mobility
Mark of conformity: IT security certified by TÜV SÜD according to IEC 62443-4-1
Mark of conformity: IT security certified by TÜV SÜD according to IEC 62443-4-1

Certificate from TÜV SÜD for proven IT security

As early as 2014, Siemens Mobility established processes for cybersecurity for rolling stock as part of the Siemens AG-wide “Product and Solution Security” (PSS) initiative. These cybersecurity processes have since been proven in operation multiple times and were certified by TÜV SÜD  according to the standard rules for IT security (IEC 62443-2-4, IEC 62443-3-3, and 2021 IEC 62443 4-1, IEC 62443-4-2). This comprehensive approach to IT security encompasses the entire supply chain and guarantees the high quality of the cybersecurity solutions offered thanks to certified experts from Siemens Mobility and the global network of Siemens AG.

Cybersecurity throughout the entire lifecycle

IT and cybersecurity throughout the entire vehicle lifecycle

Cybersecurity for the procurement phase

cybersecurity for the procurement phase
  • Consulting services for implementing legislative and regulatory standards
  •  Determination of operational environmental conditions
    – Inventory of the system under consideration / company
    – Protection requirement analysis
    – Higher-level risk analysis
  • Support for establishing customer’s cybersecurity operating concept
  • Derivation of requirements placed on the various stakeholders
safety System design
safety System design
  • Use of certified design processes (engineering/development)
  • Derivation of a security architecture from the operating concept
  • Use of proven security architectures (certified blueprints)
  • Use of standard modules for improving IT security at systems
  • Use of IT secure products for safety and control

Cybersecurity for the manufacturing phase

  • Secure software development process according to IEC 62443 4-1 and, as integrator, IEC 62443 2-4
  • Detailed threat and risk analysis (TRA)
  • Secure supply chains through secure supplier selection
  • All personnel trained in cybersecurity aspects, and all relevant tools vetted for cybersecurity
  • Start of security vulnerability management (SVM) already in the design phase
  • Penetration tests during the verification and validation phase
  • Risk analysis of test results
  • Definition of hardening measures
  • Provision of guidelines for operators and service personnel
  • Conduct of external penetration tests if required
  • Completion of cybersecurity process during the rolling stock manufacturing phase
  • Any remaining cybersecurity risks are known and can be added to customer’s risk management
  • Performance of additional activities for homogolation, if applicable
  • Performance of security vulnerability management (SVM)
  • Software maintenance contracts available

Cybersecurity for the operating phase

  • Support for all cybersecurity-related activities during operation:
    – Periodic update of risk analysis
    – Secure change management
    – Security vulnerability management (SVM)
    – Training, intrusion detection systems
    – Cybersecurity Operations Center
  • SVM and software maintenance to adapt vehicle security to state-of-the-art cybersecurity for rolling stock
  • Performance of security assessments and derivation of security concepts
  • Measures for secure system design (see information under Procurement)
  • Measures for secure manufacturing and installation (see information under Manufacturing)
  • Measures for secure rail operations (see information under Operation)
  • Secure recycling process (secure handling of credentials) when scrapping components or the entire vehicle
The components for cybersecurity

Cybersecurity for secure train operations – our answers for you

With a constantly shifting threat landscape, we can assume that the protection needs of rolling stock will change multiple times over its long lifecycle. This raises many questions – and Siemens Mobility has the answers.
Mobility Trend Section
Siemens ProductCERT display

Report a potential security issue

Do you have a cybersecurity-related question or would you like to report a potential security issue? Contact Siemens ProductCERT for all product, solution and service inquiries and Siemens CERT for all infrastructure-related matters.

Contact Siemens Mobility

Our cybersecurity solutions apply to all our rolling stock

High-speed and intercity trains

Velaro, Velaro Novo, ICE4 – these platforms for high-speed and intercity transport captivate rail operators, investors, and passengers worldwide.

Commuter and regional trains

Desiro and Mireo – these platforms for urban, regional, and shuttle transport are valued for their comfort, flexibility, energy efficiency, and reliability.
Trams and light rail

Trams and light rail

Our light rail vehicles help cities make mobility more sustainable, economical and attractive.
Viaggio passenger coach from Siemens standing on tracks

Viaggio Passenger Coaches

Our passenger train coaches make for a comfortable ride that is also economical, with their ongoing low energy and maintenance costs, simple installation and maintenance, and high degree of adaptability to prevailing traffic volumes.
An Inspiro Metro train from Siemens Mobility stops at a modern metro station. On the platform passengers can be seen.

Inspiro: the metro from Siemens Mobility

Our Inspiro platform excels worldwide in terms of its secure, comfortable, sustainable, and economical metros.
Automated People Mover – VAL

Automated People Mover

The Automated People Mover portfolio (VAL) offers a range of turnkey solutions for automated people mover systems.

Locomotives

Whether for freight, passenger, regional, or mainline transport, our locomotives meet the highest global demands and contribute to future-ready, sustainable mobility.

Contact

How can we support the cybersecurity of your rolling stock?

Would you like to know more about Siemens Mobility’s cybersecurity concepts? Or would you simply like to learn more about us without obligation? We’re always ready to help. Just click the link below and fill out the contact form.

Contact us:

Contact form

Related topics

Blue graphic elements depict a digital train station with a digital train pulling into the platform; the digital station is crowded with real images of passengers and operators

Cybersecurity for rail and road

Cybersecurity for rail and road

As experts in digitalization and pioneers in cybersecurity, we are dedicated towards making mobility more secure for everyone.

Digitalization in mobility with Siemens Xcelerator

Digitalization in mobility with Siemens Xcelerator

Digitalization is the key to better operations, greater sustainability and up to 100% availability in the mobility sector. 

Cybersecurity at Siemens

Cybersecurity at Siemens

Protect what you value – with our holistic approach and leading technology expertise.
Charter of Trust

Charter of Trust

Charter of Trust