Smart Security – Ensuring sustainable rail cybersecurity
system availability based on rail cybersecurity
Rail Cyber Security in a nutshell
In our connected world we see an increased demand for transportation. It needs to be sustainable and efficient. This requires more and more digitalization and connecting people always needs to be safe and secure. “What is the relevance of cyber security in the rail environment? And how can it be sustained over the complete life cycle?”
Security for the digital rail worldAvailability, maximum reliability and security: These are the challenges every rail operator is faced with – concerning both rail infrastructure and rolling stock. Gaps in cybersecurity can prevent these targets from being met or even damage the operator‘s reputation. For this reason, ensuring sustainable cybersecurity for rail systems is a fundamental requirement for smooth and safe operation. With SIMOS® Smart Security, we help you to analyze your systems, identify potential vulnerabilities, and define and implement measures to protect your assets.
Assess the current situation and identify risks
The first step towards cybersecurity in railway systems is a precise status analysis.
Following the requirements specified in IEC 62443, we first determine and analyze the required scope for railroad infrastructure with you. In the next step, we develop the outline for an individual protection concept on the basis of a questionnaire specifically adapted to your system configuration, a joint workshop, and a site inspection. This protection concept includes customized technical and process-related measures.
For rolling stock, we apply a risk analysis method that has been specially developed and tested for the railway industry. Again, we first determine the systems to be analyzed with you. On this basis we prepare a risk assessment that includes pragmatic technical concepts and process-related measures in a joint workshop.
In addition, we determine and evaluate the individual risk potential of your system through intentional and transparent hacking attempts within the framework of a penetration test proven for railway systems.
The outlined protection concepts as well as the results of the penetration test are the starting point for the next step:
the implementation of necessary security measures.
Provide the utmost security
The assessment of possible risks and evaluation of required protective measures is followed by the implementation of your individual protection concept for cybersecurity. First of all, the protection concepts roughly outlined in the preceding step are described in detail for this purpose.
Once all the necessary details have been defined, we implement project-specific technical measures, such as the hardening of systems, the execution of necessary updates and upgrades, and zoning, if that should be required. We will, of course, update the safety approval if necessary.
Always be alert and ready to react
Cybersecurity in railway systems can only be maintained permanently if the continually changing threat situation is constantly and closely monitored.
That’s why we monitor data around the clock in real time. This enables us to immediately identify anomalies and possible new threats at any time. If the threat situation changes, we’ll inform you immediately with proactive threat reports that help you react appropriately and without delay. Of course, we also support you in the development of adequate responses to cybersecurity events.
Sensitivity for cybersecurity in railway operations
Just like in other industrial sectors, cybersecurity for railway systems ultimately stands or falls with the people behind the technology.
That’s why we’ve developed a comprehensive range of customized training courses for rail operators. Our cybersecurity experts raise your employees’ awareness of threats during the training sessions and convey consistent action strategies for the protection of your company and its systems.
In addition to the standard training courses that are available as Web-based online training or as classroom training at the Siemens Rail Academy, we also provide individual training courses tailored to your specific requirements.