Blue graphic elements depict a digital train station with a digital train pulling into the platform; the digital station is crowded with real images of passengers and operators

Cybersecurity for rail and road

With increasing digitalization come benefits – but also the need for adequate protection against cyberattacks. Siemens Mobility is committed to securing complex transport systems by applying our expertise to products, solutions and services.
Digitalization can contribute to making rail transport safer, more efficient and more convenient for both passengers and freight, but it also exposes rail systems to cybersecurity risks. (…) Indeed, one must be aware that cyber threats are as versatile and dynamic as the digital world and its applications.
UNIFE (The European Rail Industry) on the impact of digitalization on rail transport, as an example
A catalyst for change

Cybersecurity: enabling new technologies and business models

To fully tap the potential offered by the digital transformation: we need to know that the data and systems we rely on to keep our society and businesses going are safe and protected.

Securing mobility for the future

So what are we at Siemens Mobility doing to protect our modern, connected transportation systems? 

 

Our customers are the owners and operators of infrastructures that are regarded as critical to our communities: traffic systems, rail networks, entire intermodal travel ecosystems. They face new threats, new laws and new requirements in cybersecurity. Making it time to act and respond in a structured way. 

 

As leaders of the digitalization of public transport, Siemens Mobility is your trusted partner when it comes to cybersecurity with trained staff, secure products and solutions, as well as certified security processes across the product lifecycle.

 

The result: a world in which both operators and passengers alike experience and benefit from secure modern technologies. 

The global trends driving cybersecurity

A name you can trust

Your questions, answered

Have a question about how you can improve the cybersecurity of your business or organization? With decades of experience in cybersecurity, we at Siemens Mobility can set you on the right track.
Mobility Trend Section

Report a potential security issue

Do you have a cybersecurity-related question or would you like to report a potential security issue? Contact Siemens ProductCERT for all product, solution and service inquiries and Siemens CERT for all infrastructure-related matters. 

References

Made by Siemens Mobility

Read more about how products and services from Siemens Mobility are protecting transportation systems and infrastructure from malware, data leaks, security incidents and other cyber threats.
Charter of Trust

Teaming up for security

In February 2018, Siemens teamed up with the Munich Security Conference and other global partners to present the Charter of Trust. The initiative defined 10 principles fundamental to a secure digital world. This is how Siemens Mobility approaches these principles.

The 10 principles

We believe cybersecurity is everyone’s task – that is why we have established clear measures and targets as well as the right mindset throughout our organization. Within Siemens Mobility, we have set up an efficient cybersecurity management system which – like a quality management system – covers responsibilities, procedures, activities, tools and other content in milestones. 

Trusted suppliers are critical to the digital supply chain. That is why Siemens Mobility welcomes 3rd party certification aligned along international security standards for the industry. We also support our suppliers in their approach to state-of-the-art security.

Building on our achievements in “Security by Design”, we are now gradually shifting our focus to “Security by Default” – the next level of security for products, solutions and services. With this paradigm shift in security, we can progress further on minimizing the attack surface and increasing the protection of our customers’ assets.

Our customers are at the center of all we do – and we know that they have to frequently work with national cybersecurity agencies as well as cyber response teams. That is why we support our customers with expertise in securely designing, constructing and operating mobility systems that meet the requirements of all stakeholders.

Innovating and adapting cybersecurity to meet new threats requires constant innovation and co-creation. We have initiated co-creation measures within the industry to align risk assessment processes, define security zones and conduits for generic signaling architecture, and develop reference protection profiles for mobility systems and sub-systems. 

Siemens Mobility is driving awareness and education of cybersecurity both internally and externally. Regular cybersecurity awareness training is mandatory for every Siemens Mobility employee. Specific target groups receive additional job-related product and solution security training. 

 

For our customers and suppliers, Siemens Mobility offers domain-specific security training on four levels ranging from awareness and base skills to special skills and role-specific learning. 

Mature and managed processes provide the foundation you need for reliable results when it comes to cyber risk management – and certification plays a key role in the management of these processes. Siemens Mobility is thus advancing the organization towards 3rd party certification of development and integration projects along holistic security standards as well as cyber certification of IT/OT systems.

When cyber-attacks occur: an immediate and coordinated response is required from the industry. 

 

Siemens does its part in this by being an active partner of a group of computer emergency response team (CERT) organizations called FIRST. We also partner with several universities, research institutes and Information Sharing and Analysis Centers (ISACs) to improve transparency and response in the mobility sector. 

 

Siemens also has a dedicated team of security experts that manages the receipt, investigation, internal coordination, and public reporting of security issues related to Siemens products, solutions, or services. Called ProductCERT, the team is the primary contact for security researchers and offers security advisories for standard products. Solution-specific vulnerability advisories are also offered on a contractual basis.

 

Siemens ProductCERT

 

Industry regulation and standardization are only successful if they are based on multilateral cooperation. Siemens Mobility supports the use of international industrial security standards in the railway domain and is supporting the CEN/CENELEC Working Group 26 on its way to a Technical Standard TS50701 (Cybersecurity in the Railway System). 

The Charter of Trust is an important nucleus for further joint initiatives to promptly implement the above 10 principles. Siemens Mobility supports the UNIFE Cybersecurity Working Group, which serves as a platform for members to discuss and identify opportunities for cooperation on cybersecurity issues in the European rail sector.

A strong alliance

We take our responsibility for cybersecurity well beyond the boundaries of our own organization, because approaches to cyber threats do not end there. To make the digital world more secure, we have joined forces with leading companies from around the globe to form the Charter of Trust. This cooperation is already showing the first signs of success and has ambitious goals for the future. Stay updated on this global cybersecurity initiative by following our activities here.

Contact us

Do you have any further questions about cybersecurity for Siemens Mobility?

Whatever you need to know – our cybersecurity experts are happy to help out. Click on the button to fill out the contact form and get in touch. 

Get in touch

To contact form