Digitalization can contribute to making rail transport safer, more efficient and more convenient for both passengers and freight, but it also exposes rail systems to cybersecurity risks. (…) Indeed, one must be aware that cyber threats are as versatile and dynamic as the digital world and its applications.
UNIFE (The European Rail Industry) on the impact of digitalization on rail transport, as an example
White Paper: Lessons Learned on Rail Cybersecurity
In this white paper, we share our experience with rail cybersecurity in the form of best practices, review the business drivers, and give you an overview of the security controls that should be implemented.
Fill out the form to receive the white paper and benefit from our learnings about rail cybersecurity.
Securing mobility for the future
So what are we at Siemens Mobility doing to protect our modern, connected transportation systems?
Our customers are the owners and operators of infrastructures that are regarded as critical to our communities: traffic systems, rail networks, entire intermodal travel ecosystems. They face new threats, new laws and new requirements in cybersecurity. This makes it time to act and respond in a structured way.
As leaders of the digitalization of public transport, Siemens Mobility is your trusted partner when it comes to cybersecurity with trained staff, secure products and solutions, as well as certified security processes across the product lifecycle.
The result: a world in which both operators and passengers alike experience and benefit from secure modern technologies.
The global trends driving cybersecurity
Discover why mobility needs digital security
The future of transportation is digital
Imagine congestion-free cities. Accident-free roads. Perfectly coordinated traffic. Shorter cycle times for buses and trains. Flexible shuttles to the outskirts. Smart ticketing and information for all travel modalities in a single app. And vehicles, trains, and infrastructure that check themselves, communicate with each other, and order maintenance if needed. All mobility infrastructures require the combined functionalities of different digital subsystems like signaling, electronic ticketing, building and traction power automation, passenger information or passenger entertainment systems. Infrastructure experts integrate these systems securely into the complete solution. Based on customers’ needs they develop a secure overall architecture using proven building blocks. Digitalization is the tool that will make all of this a reality and bring new options and opportunities. But data-driven mobility also entails new challenges and cybersecurity risks. Discover with us why mobility needs digital security.
Turning data into better mobility
Digitalization on rail and road
Digitalization is a key driver of tomorrow’s mobility. Apps help find the fastest and most convenient routes for intermodal travel. Trip planning is determined by traffic conditions in real time. Autonomous buses, trains, and cars safely transport people to their destinations. Collisions can be avoided thanks to continuous communication between transportation users. In short, data-driven mobility offers tremendous possibilities and opportunities for making road and rail traffic even safer and more efficient.
Features that include high connectivity, Vehicle2X communication, and mobile networks with sensors, cameras, GPS, and onboard computers are needed to make vehicles and trains digital – and all of these systems are vulnerable to cyber threats. Strict and robust IT security is a must – in the vehicles and all along the intelligent infrastructure. Our cybersecurity team is already on it, working to create a holistic, multilevel security concept for future-oriented mobility.
Digitalization drives new challenges and risks
Avoiding digital traps and security loopholes
Mobility infrastructures and vehicles are part of our daily life. Often, they form part of national critical infrastructure and are in public use, and therefore in the public interest. Operators have identified the new risk posture imposed by increased connectivity and the use of commercially available components. Public risk awareness and the political agenda to create adequate risk management structures have resulted in legislation, standardization and the drive for cybersecurity technology.
The threat landscape, on the other side, is evolving as well. The automation of security exploits allows threat actors of medium or even low capability to deploy attacks. More sophisticated attacks use ransomware and seek financial gain. The work of security researchers shows that a dedicated cyber impact on transport infrastructures is possible. Cybersecurity and cyber risk management are ongoing activities requiring a structured and continuous approach.
The ongoing development of cyber legislation 2.0
Regulations for effective cyber defense
Companies worldwide are increasingly required to demonstrate good cybersecurity practice. Cyber defense in horizontal IT already has some decades of history. Transport and mobility systems have included dedicated protection concepts in their digital communication systems since the 1990s. With prominent cybersecurity incidents publicly discussed in the 2010s, various cybersecurity laws were created at national or EU level. The European NIS Directive, the German KRITIS law and the French ANSSI regulation have been in place for half a decade now. Currently the effectiveness of their implementation is under review, which will result in updated and probably stricter and more homogeneous approaches.
Critical infrastructures need special security
Strict security requirements
Operators of critical infrastructures have to meet strict requirements to keep these infrastructures available and operational. Hacker attacks, for example, can have fatal consequences. This applies not just to power and water supplies but also to transportation and traffic.
The criticality of an infrastructure or a transportation asset depends on the risk level applied to it. Criticality can also be derived by determining the highest possible damage in terms of data privacy loss, financial or reputational impact, or even injury or loss of life. For a single business operator, portions of the business assets – such as a specific train depot, a central control environment, or a large and visible station infrastructure – may also be defined as critical.
Are you prepared for passenger data and GDPR?
Privacy by design and default
Data privacy protection has been implemented in a number of country legislations, with high visibility provided by the EU General Data Protection Regulation, since 2016. Personal data is information relating to identified or identifiable natural persons: for example, a name, a number, location data, online identifiers, or one or more factors specific to the identity. This can include face recognition, travel behavior and online search activities. Depending on the use case, “data protection by design and default” is the optimal approach. Principles like lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability are implemented early in the design phase. Supporting our customers and providing solutions that comply with local rules and regulations requires early consideration of requirements and mature and dependable processes in development and operations.
What is cyber risk management?
Be aware of cyber risks and be prepared
Essentially, cybersecurity is a specific domain of risk management. All aspects of our digital world and the associated physical installations need to be considered with detailed knowledge of the threat actor in mind – starting with digital asset transparency, including the related cyber-ownership, the threat model, and the interaction between the asset and potential attacks. Impact and likelihood estimates are used to document and mitigate each of the risks. Every risk, assumption, and countermeasure needs to be tracked to closure – and yes, some risks will require acceptance. Especially in complex systems, projects, and operations, it’s challenging to maintain an overview. When dealing with agile opponents and new technologies, a recurring review of the risks needs to be performed and the structures for detection, response, and recovery must be in place.
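The paragraph above describes a risk register in prose: each risk carries an owner (cyber-ownership), an impact and likelihood estimate, countermeasures tracked to closure, and an explicit acceptance path. The following Python model is an added illustration, not a Siemens Mobility tool; the 1..5 scales, the acceptance threshold and the three sample risks are constructed for the example.

```python
"""Risk register with impact x likelihood scoring, mitigation tracking and
explicit risk acceptance. Hypothetical example, not a Siemens Mobility tool;
scales, threshold and sample risks are constructed for illustration."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed 1..5 ordinal scales. The acceptance threshold is a policy choice;
# real programmes set it per asset class and put a sign-off process behind it.
ACCEPTABLE_THRESHOLD = 6


@dataclass
class Risk:
    risk_id: str
    asset: str                 # the digital asset the risk applies to
    owner: str                 # cyber-ownership: who is accountable for closure
    threat: str                # scenario taken from the threat model
    impact: int                # 1 negligible .. 5 injury / loss of life
    likelihood: int            # 1 rare .. 5 almost certain (before countermeasures)
    countermeasures: List[str] = field(default_factory=list)
    residual_likelihood: Optional[int] = None
    status: str = "open"       # open | mitigated | accepted
    acceptance_note: Optional[str] = None

    def __post_init__(self):
        for value in (self.impact, self.likelihood):
            if not 1 <= value <= 5:
                raise ValueError("impact and likelihood must be on the 1..5 scale")

    @property
    def inherent_score(self) -> int:
        """Risk before any countermeasure: impact multiplied by likelihood."""
        return self.impact * self.likelihood

    @property
    def residual_score(self) -> int:
        """Risk after the recorded countermeasures (impact is assumed unchanged)."""
        likelihood = self.residual_likelihood
        if likelihood is None:
            likelihood = self.likelihood
        return self.impact * likelihood


def mitigate(risk: Risk, countermeasure: str, new_likelihood: int) -> Risk:
    """Record a countermeasure and the likelihood the owner estimates afterwards.
    The item only closes when the residual score is within the threshold."""
    if not 1 <= new_likelihood <= risk.likelihood:
        raise ValueError("a countermeasure may lower likelihood, not raise it")
    risk.countermeasures.append(countermeasure)
    risk.residual_likelihood = new_likelihood
    risk.status = "mitigated" if risk.residual_score <= ACCEPTABLE_THRESHOLD else "open"
    return risk


def accept(risk: Risk, justification: str) -> Risk:
    """Close a risk by acceptance; refused above the threshold so that a high
    residual risk can never silently disappear from the register."""
    if risk.residual_score > ACCEPTABLE_THRESHOLD:
        raise ValueError(f"{risk.risk_id}: residual score {risk.residual_score} "
                         f"exceeds {ACCEPTABLE_THRESHOLD}; mitigate first")
    risk.status = "accepted"
    risk.acceptance_note = justification
    return risk


def open_items(register: List[Risk]) -> List[Risk]:
    """Everything still needing action, highest residual score first."""
    return sorted((r for r in register if r.status == "open"),
                  key=lambda r: r.residual_score, reverse=True)


def build_sample_register() -> List[Risk]:
    """Constructed risks for a wayside signaling network (values are illustrative)."""
    return [
        Risk("R-01", "interlocking maintenance interface", "signaling engineering",
             "unauthorised remote login over a third-party network", impact=5, likelihood=3),
        Risk("R-02", "passenger information displays", "station operations",
             "defacement of public signage", impact=2, likelihood=4),
        Risk("R-03", "depot diagnostics Wi-Fi", "rolling stock maintenance",
             "eavesdropping on diagnostic traffic", impact=3, likelihood=2),
    ]


if __name__ == "__main__":
    register = build_sample_register()
    mitigate(register[0], "maintenance VPN with certificate-based mutual authentication", 1)
    accept(register[2], "traffic carries no personal data; acceptable until next refurbishment")
    for r in register:
        print(r.risk_id, r.inherent_score, "->", r.residual_score, r.status)
    print("still open:", [r.risk_id for r in open_items(register)])
```

The design point is that acceptance is a gated operation rather than a free status change: an item above the threshold can only leave the open list through a recorded countermeasure, which is what "tracked to closure" means in practice. The recurring review the paragraph calls for is then simply a scheduled run of `open_items` plus a re-estimate of each residual likelihood.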
Benefit from mobility cyber kill chain
A holistic approach: defense in depth
In general, complex transportation systems are designed with defense in depth concepts built in. Interfering with operations, extracting money, posting inappropriate information on public signage, and even impacting the safety systems requires high malicious intent and capability. Recent attack cases can be plotted along “kill chains” that depict the sometimes lengthy process and progress of an attack. Like other utilities, mobility systems can use similar approaches, but they require dedicated views and defense approaches. The activity chain begins with reconnaissance and initial access, followed by lateral movement into sensitive command and control areas. The task of a security and defense structure is to detect vulnerabilities and abnormal behavior, prevent exploits from spreading, and minimize the impact of incidents.
Explore how we make mobility secure
IT security from all angles. It’s not a single firewall. It’s not one hardened interface. It’s not one-time security testing. What Siemens Mobility is committed to is a security approach that covers all possible angles during the complete product life cycle of a rail traffic system. We support our customers in each phase and ensure that you as an operator can meet your legal obligations more easily. For this we have developed our organization and achieved Maturity Level 2, as verified by an external notified body, so you can trust us as a supplier who delivers secure products that help you achieve homologation and keep it during the entire life cycle – from hardware to software, from system hardening to multi-level security concepts, from product and system security to operational security.
Learn more about security by design
Protection from the get-go
Whether it’s autonomous driving, shared mobility, or Car-to-X communication, all mobility trends have one thing in common: They exploit the potential of digitalization. This results in tremendous quantities of data that require complete protection. With our comprehensive professional expertise, we support your mobility project from the very start by drawing on our many years of experience in areas like railway operation, where cybersecurity is a top priority. We develop an operating concept tailored to your requirements, provide appropriate analysis tools, and support you with training courses on security, operation, and maintenance.
Support for tendering
Meet tender requirements
Every project starts with tendering and contract management. First we combine all existing tenders and all master data in an intelligent system. This allows us to accurately meet tender requirements and derive a cybersecurity architecture from the intended operating environment that meets your requirements based on zones and a conduit model according to IEC 62443-2-4. A certified blueprint is available for our vehicle projects in compliance with this standard.
We realize a high level of security by using standardized security building blocks, core shields, and certified security gateways or data diodes (e.g. DCU). We help you obtain approval for your project by providing you with the necessary documentation for ensuring secure vehicle operation and compliance with the requisite IT security. This also applies to the absence of interaction: if the IT system fails, the vehicle still operates securely.
How system design drives cybersecurity
A systematic approach to IT security
Two factors play an important role in system design. One is the security of the system itself, and the other is a secure supply chain. We support you in both areas to ensure a secure development and integration process according to the IEC 62443 series of standards defined for industrial communication networks. You can then develop efficient security concepts for your business, including security features like an intrusion detection system (IDS) and logging.
As for the supply chain, we’ve established strict selection criteria that our suppliers must meet. When designing the contract, we ensure that IT security requirements are included and that all suppliers follow an IT security process according to IEC 62443-2-4.
Security testing establishes criticality
Ready for real-world deployment?
Based on IT security tests, we perform a tool-supported threat and risk analysis (TRA) to determine whether the IT system meets all security requirements. This TRA methodology identifies any remaining risks through a systematic overview, and criticality can then be assessed.
Holistic approach to manufacturing, installation, and commissioning
Structured procedure with security vulnerability management
Our approach to manufacturing, installation, and commissioning is holistic. Thanks to processes precisely defined in security vulnerability management (SVM), we guarantee IT security throughout all phases. This allows potential vulnerabilities to be identified and evaluated in terms of risk. It’s then possible to define reporting chains and describe the subsequent procedure, creating all the conditions necessary for secure operation. In addition, we offer you the option to participate in operation and maintenance training.
The security experts of the Siemens Security Vulnerability Monitoring (SVM) team are constantly looking for new information about vulnerabilities in software and hardware components used by Siemens.
Get continuous insights into operation
Securing complete mobility infrastructures
For the operations phase, Siemens Mobility customer services provides an incident handling process and a vulnerability monitoring service. With the Secure Rail Operations service our customers can sleep well: protection against a wide range of IT security risks. Whether for trams, metros, trains, locomotives or depots – we deliver secure IT solutions. And, as an international leader in rail, we deliver vehicles that comply with local IT security requirements in all relevant jurisdictions. As the initiator of the Charter of Trust, Siemens is committed to ensuring cybersecurity for all products and solutions, including a secure supply chain.
Upgrade for your IT security: Revision and refurbishment
So that security doesn’t fall by the wayside
Revision and refurbishment measures are the most effective way to adapt your existing fleet to growing cybersecurity challenges. Consider wayside communication, in which trains exchange sensitive information with marshals via radio. This takes place primarily via third-party networks, which makes it open to attacks and requires special protection. Basically, data networks need to be examined for anomalies and computers and network components evaluated for abnormal behavior. An intrusion detection system (IDS) provides assistance as a network IDS (NIDS) or host-based IDS (HIDS).
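The paragraph above says that wayside data networks need to be examined for anomalies and names a network IDS as the tool. The following Python sketch is an added example, not Siemens Mobility code and not any product's detection engine: it runs three allow-list rules (unknown peer, protocol not permitted for that peer pair, per-source message burst) over a few constructed log lines. The log format, peer names, allow-list and rate limit are all assumptions made for the example.

```python
"""Allow-list based network intrusion detection over wayside communication logs.
Hypothetical example, not Siemens Mobility code. The log format, peer names,
allow-list and rate limit are constructed for illustration."""
import re
from collections import Counter
from typing import Dict, Iterable, Iterator, List, Set, Tuple

# Constructed allow-list: which peer pairs may talk, and over which protocols.
# In a wayside deployment this baseline would come from the zone/conduit design.
ALLOWED_FLOWS: Dict[Tuple[str, str], Set[str]] = {
    ("train-4711", "wayside-ctl-A"): {"ETCS"},
    ("train-4712", "wayside-ctl-A"): {"ETCS"},
    ("maint-laptop-03", "wayside-ctl-A"): {"SSH"},
}
RATE_LIMIT_PER_SECOND = 20   # constructed threshold for a single source

# One record per line: "<timestamp> <src> <dst> proto=<name> bytes=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) proto=(?P<proto>\S+) bytes=(?P<bytes>\d+)$")

Alert = Tuple[str, str, str]   # (timestamp, rule, detail)


def parse(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield parsed records; malformed lines are skipped rather than crashing the sensor."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def detect(lines: Iterable[str]) -> List[Alert]:
    """Run three NIDS rules over the log and return alerts in log order:
    unknown peer, protocol not allowed for that pair, and per-source burst."""
    alerts: List[Alert] = []
    per_second: Counter = Counter()
    burst_reported: Set[Tuple[str, str]] = set()
    for rec in parse(lines):
        pair = (rec["src"], rec["dst"])
        if pair not in ALLOWED_FLOWS:
            alerts.append((rec["ts"], "unknown-peer", f"{rec['src']} -> {rec['dst']}"))
        elif rec["proto"] not in ALLOWED_FLOWS[pair]:
            alerts.append((rec["ts"], "unexpected-protocol",
                           f"{rec['proto']} on {rec['src']} -> {rec['dst']}"))
        # Rate rule: timestamps have one-second resolution, so (src, ts) is the window.
        key = (rec["src"], rec["ts"])
        per_second[key] += 1
        if per_second[key] > RATE_LIMIT_PER_SECOND and key not in burst_reported:
            burst_reported.add(key)
            alerts.append((rec["ts"], "rate-burst",
                           f"{rec['src']} exceeded {RATE_LIMIT_PER_SECOND} msgs/s"))
    return alerts


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    """Alert counts per rule, the shape a SIEM dashboard would consume."""
    return dict(Counter(rule for _, rule, _ in alerts))


# Constructed sample log: normal traffic, then a peer that is not on the allow-list,
# a permitted peer using the wrong protocol, a garbage line, and a 25-message burst.
SAMPLE_LOG = [
    "2024-05-02T08:00:01 train-4711 wayside-ctl-A proto=ETCS bytes=128",
    "2024-05-02T08:00:01 train-4712 wayside-ctl-A proto=ETCS bytes=130",
    "2024-05-02T08:00:02 maint-laptop-03 wayside-ctl-A proto=SSH bytes=96",
    "2024-05-02T08:00:03 10.9.9.9 wayside-ctl-A proto=SSH bytes=64",
    "2024-05-02T08:00:03 train-4712 wayside-ctl-A proto=HTTP bytes=512",
    "this line is garbage from a flaky collector",
] + ["2024-05-02T08:00:04 train-4711 wayside-ctl-A proto=ETCS bytes=128"] * 25

if __name__ == "__main__":
    for ts, rule, detail in detect(SAMPLE_LOG):
        print(ts, rule, detail)
    print(summarize(detect(SAMPLE_LOG)))
```

Allow-listing works well for wayside traffic precisely because the set of legitimate peers and protocols is small and known at design time; the burst rule is the one that needs tuning against real baselines, since a legitimate ETCS retransmission storm and a flood look the same to a counter.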
All refurbishment measures start with the concept of secure design, which involves a secure development and integration process according to the IEC 62443-4-1 and 62443-2-4 standards, as well as change management and maintenance. If we consult suppliers, we ensure that the highest standards are met so you can be certain you have certified IT security concepts.
Secure to the very end
Documentation for proper disposal
Even the longest journey eventually comes to an end and entire rail vehicles have to be properly disposed of. But cybersecurity requirements don’t end with the scrapping of components. For example, the IEC 62443-4-1 standard defines the decommissioning of communication networks. Strict regulations apply. We support you in the secure and standards-compliant recycling of these components. We and our suppliers provide you with documentation that explains how to proceed in the disposal phase.
Take the ride with secure digital mobility
Secure digital mobility is on the move. The digital portfolio from Siemens Mobility is growing in all areas – whether it’s rail, road, or seamless intermodal travel. And comprehensive security mechanisms are integrated at the core of each of those solutions and kept updated. Take a ride with us and check out some exemplary solutions.
Railway networks are considered a critical infrastructure and need to be protected accordingly. From virtual planning using the Building Information Modeling (BIM) method to state-of-the-art connectivity solutions and cybersecurity services – we work with you to develop complete cybersecurity solutions for your rail infrastructure.
Rail infrastructure planning turns data into value
Building Digitally First with BIM
Whether you’re building new rail infrastructures or expanding existing ones: Siemens Mobility offers state-of-the-art building information modeling (BIM) for complete virtual planning using computer-generated 3D modeling that integrates all planning partners and information available. This improves planning reliability, shortens the project execution, and enhances the asset performance during operation and maintenance. We manage our project data including building information modelling compliant to ISO19650.
All critical processes, data, and collaboration are protected from being compromised by technical standards and control mechanisms. A digital key protects all data by limiting access to it. The consistent security concept and custom level of security are grounded in the leading security standards for railway industries according to ISO 2700X.
Data Capture Unit for connections you can trust
Safe travels with secure infrastructure
Secure mobility requires secure connectivity – and secure remote diagnosis and monitoring of trains and infrastructure. That’s what the data diode DCU (Data Capture Unit) is made for. This one-way data gateway permits the reaction-free connection of a signaling and safety infrastructure to the IoT. Embedded in MindConnect Rail and MindConnect Road, the DCU helps optimize the connected control, safety, and security systems. Train operation data, for example, can be merged via MindSphere with historical consumption data, weather forecasts, and information on major events, making the traffic flow smoothly and easing travel. The DCU can also be used to support intrusion detection systems by detecting abnormal activities in connected networks – or to record operating data like wayside signaling applications for juridical purposes.
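The paragraph above describes the DCU as a one-way gateway that connects signaling infrastructure to the IoT without any reaction path. The following Python model is an added illustration of what "one-way" forces on a design and is not the DCU's implementation: because nothing can ever flow back, the sender cannot receive acknowledgements, so it repeats frames, and the receiver must verify checksums, discard duplicates and record sequence gaps instead of requesting resends. The framing, redundancy factor and sample records are constructed for the example.

```python
"""Software model of a one-way (data diode) gateway between a signaling network
and an IoT/monitoring side. Hypothetical example, not the DCU's implementation;
the framing, redundancy factor and sample records are constructed."""
import json
import zlib
from typing import Dict, List, Tuple


class OtSender:
    """Signaling-side transmitter. It can only append frames to the channel;
    there is deliberately no method that reads anything back from the IT side."""

    def __init__(self, channel: List[bytes], redundancy: int = 2):
        self._channel = channel
        self._seq = 0
        self.redundancy = redundancy   # repeat each frame: no ACK can ever arrive

    def publish(self, record: Dict) -> int:
        self._seq += 1
        payload = json.dumps({"seq": self._seq, "data": record}, sort_keys=True).encode()
        frame = payload + zlib.crc32(payload).to_bytes(4, "big")
        for _ in range(self.redundancy):
            self._channel.append(frame)
        return self._seq


class ItReceiver:
    """Monitoring-side receiver: verifies the checksum, drops duplicates and
    corrupt frames, and records sequence gaps because it cannot ask for resends."""

    def __init__(self):
        self.records: List[Dict] = []
        self.last_seq = 0
        self.gaps: List[Tuple[int, int]] = []
        self.corrupt = 0

    def consume(self, channel: List[bytes]) -> None:
        for frame in channel:
            payload, crc = frame[:-4], int.from_bytes(frame[-4:], "big")
            if zlib.crc32(payload) != crc:
                self.corrupt += 1
                continue
            msg = json.loads(payload)
            seq = msg["seq"]
            if seq <= self.last_seq:
                continue                       # redundant copy already processed
            if seq != self.last_seq + 1:
                self.gaps.append((self.last_seq + 1, seq - 1))
            self.last_seq = seq
            self.records.append(msg["data"])
        channel.clear()


def run_demo(drop_frames=(), corrupt_frames=()) -> ItReceiver:
    """Push four constructed wayside records through the diode, optionally losing
    or corrupting frames on the way, and return the receiver for inspection."""
    channel: List[bytes] = []
    sender = OtSender(channel, redundancy=2)
    for n in range(1, 5):
        sender.publish({"signal": f"S{n}", "aspect": "clear" if n % 2 else "stop"})
    delivered = []
    for idx, frame in enumerate(channel):
        if idx in drop_frames:
            continue
        if idx in corrupt_frames:
            damaged = bytearray(frame)
            damaged[5] ^= 0xFF              # flip a byte inside the JSON payload
            frame = bytes(damaged)
        delivered.append(frame)
    receiver = ItReceiver()
    receiver.consume(delivered)
    return receiver


if __name__ == "__main__":
    clean = run_demo()
    print("clean run:", len(clean.records), "records, gaps", clean.gaps)
    lossy = run_demo(drop_frames={4, 5}, corrupt_frames={2})
    print("lossy run:", len(lossy.records), "records, gaps",
          lossy.gaps, "corrupt", lossy.corrupt)
```

The lossy run shows the trade-off the DCU's "reaction-free" property buys: the signaling side is unreachable from the IoT side by construction, and in exchange the monitoring side has to live with detectable but unrecoverable gaps when every copy of a frame is lost. A gap counter is therefore a meaningful health signal for a diode link, not just a statistic.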
Digital services with smart security
Ensuring sustainable rail cybersecurity
Cybersecurity is an extremely important factor for the rail sector. Unfortunately, cyberattacks on rail systems are on the rise and such systems are increasingly targeted by hackers. Our cybersecurity services help you proactively close cybersecurity gaps. An analysis of elements like control and safety systems, vehicles, depots, and rail electrification makes it possible to identify potential vulnerabilities and implement protective measures. We develop a holistic cybersecurity concept precisely tailored to your requirements, while also taking into account the applicable security standards, national and international legislation, and cybersecurity initiatives.
Integrated cybersecurity from a single source
Our holistic approach: Complete Cyber Security
Rail systems are critical infrastructures that must guarantee safety, reliability, and compliance with legal requirements. Whether it’s a greenfield project or retrofit of an existing rail system, Siemens Mobility’s integrated cybersecurity solutions give operators a customized concept and expert implementation. Our cybersecurity solutions are based on anticipated reliability and how many attacks have already occurred. A security system is built from a comprehensive set of components including endpoint security, network security with firewall zone separation, identity and access management – for example, with an authentication, authorization, and accounting (AAA) server – public key infrastructure (PKI), security information and event management (SIEM), and intrusion detection systems (IDS). Everything can be coordinated from a cybersecurity operation center (C-SOC) and tested virtually in digital twins.
Siemens Mobility is a rail system provider with extensive domain expertise and an industry cybersecurity leader – and is the best choice for secure rail systems.
Complete cyber security is the holistic approach to handle cyber security for greenfield rail projects or retrofitting existing rail systems.
From parking guidance systems and traffic light controllers to autonomous shuttles – the digitalization and automated control of vehicles and transportation systems is increasingly finding its way into modern road infrastructure. We offer you many solutions that meet the highest security standards in the market to ensure that this infrastructure isn’t just under control, it also operates securely.
Everything under control with Web-based traffic monitoring
The smart solution: Sitraffic smartGuard
The Sitraffic smartGuard traffic control center is ideal for smaller cities and municipalities. For example, it provides an instant overview of traffic lights that are malfunctioning, occupancy of parking garages, and the current traffic situation in the metropolitan area. The main advantage is that Sitraffic smartGuard is Web-based and controlled via the cloud. This means that there’s no need to invest in expensive hardware: You can control your traffic system anywhere and anytime from a tablet, PC, or smartphone.
The availability, reliability, and security of Sitraffic smartGuard and all the products, systems, and services in our portfolio are confirmed by an ISO certification (ISO/IEC 27001), which ensures that all IT security technologies comply with the latest technical standards. The level of security is further enhanced by the two-factor smartGuard security concept and the security standards applied in all field devices, servers, and data transfer systems.
More traffic control – less downtime
Growing along with your requirements
The ITS traffic controllers are installed outside in urban environments and handle safety-critical signalization for urban traffic flows. They’re usually connected to higher-level traffic management centers in different types of networks. To ensure the security of these networks, our traffic controllers have several layers of security mechanisms implemented, including physical access restrictions, user access management, and firewalls. The most security-critical element of a traffic controller is the signal monitoring, which ensures the safety of the signalization for the traffic flow. This is secured within the architecture and kept completely separate from network-accessible segments. Any modifications that require physical access are secured via hardware settings.
Other security measures can be implemented upon request. Standard delivery can be easily configured to grant access only to certified users. Additional hardware enables remote access control, where operators in traffic centers are notified when someone gains physical access to the installation.
Connected mobility is shaping the future
Connecting intelligent infrastructure and vehicles
Connected mobility involves communication between road infrastructure, vehicles, and vulnerable road users like bicyclists and pedestrians. This communication can be established locally via roadside units and via 4G/5G communication through cloud services and smartphone applications. Due to the high level of connectivity, cybersecurity is crucial. Our connected mobility solutions are therefore developed with a strong focus on their security. Direct V2X communication between vehicles and infrastructure is secured via PKI-based authentication mechanisms according to the latest standards. State-of-the-art technologies like TLS and VPN are used to secure access to the roadside and central systems. Security-sensitive materials like encryption keys are stored in tamper-proof hardware security modules, and there are measures in place that detect any physical tampering with devices in the field.
Shared autonomous mobility for everybody
For clean and efficient mobility
Autonomous shuttles promise a better quality of life and more mobility by decreasing traffic by about 90 percent and reducing traffic accidents through the shared use of autonomous public transportation. Our Sitraffic mooV autonomous shuttle is completely driverless and combines the vehicle’s autonomous driving feature with road infrastructure information. It relies on the autonomous driving demand responsive transport (AD-DRT) system. The software center allows operators to control and manage their autonomous transportation system. As soon as it detects unauthorized access to the door contacts, it sends an alert to the operator. It also detects the unauthorized addition of objects and monitors traffic so that any manipulation can be promptly identified. The system achieves a high safety integrity level (up to SIL 3).
Intermodal travel is the travel of the future. When you always have access to information on all available means of transportation at the lowest prices, you can conveniently plan, make digital payments, and take advantage of the best connections. Here too, cybersecurity is tremendously important for protecting sensitive information like customer and payment data.
Cybersecurity included: Mobility as a Service
Separate data in the mobility jungle
Mobility as a Service (MaaS) platforms combine seamless trip planning, smart booking and payment as well as big data analytics in one single account including all available means of transport, from public transport to car-sharing and many more. Cybersecurity is essential when running a MaaS app, as these systems contain personal, sensitive data, not only master data but also transaction data from customers. Data misuse is prevented by using the latest encryption techniques, conducting regular penetration tests and monitoring current threat scenarios. The collection of personal data has to be reduced to a minimum and data pools are separated at all times.
Stay safe with ticketing
Secure ticketing and payment
Smartphone-based ticketing options make traveling more convenient and prevent ticket chaos and loss. Cashless payment ensures passenger security, which has become even more important since the outbreak of COVID-19. Smart ticketing solutions like those in our XiXo portfolio make ticketing easier than ever, with no knowledge of the fare system required. The best price is always guaranteed. Encryption technologies ensure that tickets can’t be copied easily, so transportation companies’ revenue losses can be prevented. Data protection is guaranteed by separating transaction data from customer data: Customer profiles can’t be created based on geo data (UU-ID = unique user ID). Encrypted tickets and regularly changing barcodes support this.
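The paragraph above names two controls without showing their mechanics: a random UU-ID that keeps the validation path away from customer records, and a barcode that changes regularly so that a copied one stops working. The following Python sketch is an added example of one way to build both and is not the XiXo implementation; the 30-second rotation, the HMAC-based token layout, the two in-memory stores and the sample customer are assumptions made for the example.

```python
"""Rotating-barcode ticket with customer data separated from transaction data.
Hypothetical example, not the XiXo implementation; the rotation period, token
layout and the two in-memory stores are constructed for illustration."""
import base64
import hashlib
import hmac
import secrets
import uuid
from typing import Dict, Tuple

ROTATION_SECONDS = 30          # a barcode is only presentable within this window
ISSUER_KEY = secrets.token_bytes(32)   # constructed; in production the key lives in an HSM/key store

# Two deliberately separate stores. The validation path only ever sees UU-IDs.
CUSTOMER_STORE: Dict[str, Dict] = {}   # customer_id -> profile, no ticket or location data
TICKET_STORE: Dict[str, Dict] = {}     # uu_id -> ticket facts, no customer reference


def sell_ticket(customer_id: str, name: str, valid_until: int) -> str:
    """Register the customer and issue a ticket under a fresh random UU-ID.
    The link between the two is handed to the customer's app, not stored here."""
    CUSTOMER_STORE[customer_id] = {"name": name}
    uu_id = str(uuid.uuid4())
    TICKET_STORE[uu_id] = {"valid_until": valid_until}
    return uu_id


def _tag(uu_id: str, window: int) -> str:
    msg = f"{uu_id}|{window}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()[:24]


def barcode(uu_id: str, now: int) -> str:
    """Barcode payload for the current rotation window: UU-ID, window, MAC."""
    window = now // ROTATION_SECONDS
    token = f"{uu_id}|{window}|{_tag(uu_id, window)}"
    return base64.urlsafe_b64encode(token.encode()).decode()


def validate(code: str, now: int, skew_windows: int = 1) -> Tuple[bool, str]:
    """Inspector-side check. Accepts the current window and `skew_windows` earlier
    ones for clock drift; anything older is a stale copy and is refused."""
    try:
        uu_id, window_s, tag = base64.urlsafe_b64decode(code).decode().split("|")
        window = int(window_s)
    except ValueError:
        return False, "malformed"
    current = now // ROTATION_SECONDS
    if not current - skew_windows <= window <= current:
        return False, "expired-barcode"
    if not hmac.compare_digest(_tag(uu_id, window).encode(), tag.encode()):
        return False, "bad-signature"
    ticket = TICKET_STORE.get(uu_id)
    if ticket is None:
        return False, "unknown-ticket"
    if now > ticket["valid_until"]:
        return False, "ticket-expired"
    return True, "ok"


def tampered_copy(code: str, other_uu_id: str) -> str:
    """Rewrite the UU-ID inside a barcode but keep its MAC; used below to show
    that the validator notices the altered payload."""
    _, window_s, tag = base64.urlsafe_b64decode(code).decode().split("|")
    return base64.urlsafe_b64encode(f"{other_uu_id}|{window_s}|{tag}".encode()).decode()


if __name__ == "__main__":
    uu = sell_ticket("cust-1", "Ada Example", valid_until=10_000)
    code = barcode(uu, now=1_000)
    print(validate(code, 1_000))    # fresh barcode
    print(validate(code, 1_100))    # same barcode copied and shown 100 s later
    print(TICKET_STORE[uu])         # no customer data in the ticket record
```

Two details carry the privacy property: the validator's log would contain only UU-IDs and timestamps, which cannot be joined to a name without data that the validation system never holds, and the MAC covers the window number, so a screenshot of a barcode is worthless one window later even though the ticket behind it is still valid.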
Be flexible with demand-responsive transport
Data security on demand
Traditional public transportation models are developing in order to meet the growing demand for seamless, flexible, and sustainable mobility. Demand-based transportation is the key to reducing dependency on private vehicles. Fixed lines with high frequency are fed by flexible lines like first and last mile services, paratransit, off-peak hour services, and B2B shuttles to better and more efficiently reach new and existing areas. Cybersecurity is essential to protect customer and payment data, and so we’ve oriented ourselves to GDPR compliance.
Data analytics in real time
Analyze data, secure data protection
With intermodal data analytics, you can derive traveler insights and understand their travel patterns in public and intermodal transit. Data analytics offer data-driven solutions for many tasks in traffic planning, strategy, and operations: for example, scenario analysis, capacity planning for rail replacement traffic, optimization of interconnections, and incident detection in real time. High-resolution occupancy analysis and prognosis can be performed down to a single vehicle. We treat customer data responsibly and anonymously and protect it from unauthorized access during transmission and in storage. We scan our systems regularly for possible weak points and follow the Siemens PSS guidelines.
Highly reliable transportation planning systems
Flexible software solutions
Transport planning systems (TPS) products are flexible software solutions for train planning, capacity management, and more. From strategic long-term planning and annual timetables to short-term planning based on real-time data during operation – TPS enables users to create reliable timetables and attract passengers with reliable performance. Because our customers entrust us with sensitive and security-relevant data, cybersecurity has a high priority. Therefore, TPS is fully integrated into the customer's IT landscape and connected to all security-relevant systems. Access to the system is only permitted for authorized people, and development processes are monitored under strict cybersecurity regulations. Third-party software is tested using vulnerability management processes, and employees are trained by security experts and receive regular security training.
Teaming up for security
In February 2018, Siemens teamed up with the Munich Security Conference and other global partners to present the Charter of Trust. The initiative defined 10 principles fundamental to a secure digital world. This is how Siemens Mobility approaches these principles.
The 10 principles
We believe cybersecurity is everyone’s task – that is why we have established clear measures and targets as well as the right mindset throughout our organization. Within Siemens Mobility, we have set up an efficient cybersecurity management system which – like a quality management system – covers responsibilities, procedures, activities, tools and other content in milestones.
Building on our achievements in “Security by Design”, we are now gradually shifting our focus to “Security by Default” – the next level of security for products, solutions and services. With this paradigm shift in security, we can progress further on minimizing the attack surface and increasing the protection of our customers’ assets.
Our customers are at the center of all we do – and we know that they have to frequently work with national cybersecurity agencies as well as cyber response teams. That is why we support our customers with expertise in securely designing, constructing and operating mobility systems that meet the requirements of all stakeholders.
Innovating and adapting cybersecurity to meet new threats requires constant innovation and co-creation. We have initiated co-creation measures within the industry to align risk assessment processes, define security zones and conduits for generic signaling architecture, and develop reference protection profiles for mobility systems and sub-systems.
Siemens Mobility is driving awareness and education of cybersecurity both internally and externally. Regular cybersecurity awareness training is mandatory for every Siemens Mobility employee. Specific target groups receive additional job-related product and solution security training.
For our customers and suppliers, Siemens Mobility offers domain-specific security training on four levels ranging from awareness and base skills to special skills and role-specific learning.
Mature and managed processes provide the foundation you need for reliable results when it comes to cyber risk management – and certification plays a key role in the management of these processes. Siemens Mobility is thus advancing the organization towards third-party certification of development and integration projects along holistic security standards as well as cyber certification of IT/OT systems.
When cyber attacks occur, an immediate and coordinated response is required from the industry.
Our company does its part in this by being an active partner of a group of computer emergency response team (CERT) organizations called FIRST. We also partner with several universities, research institutes and Information Sharing and Analysis Centers (ISACs) to improve transparency and response in the mobility sector.
Siemens also has a dedicated team of security experts that manages the receipt, investigation, internal coordination, and public reporting of security issues related to Siemens products, solutions, or services. Called ProductCERT, the team is the primary contact for security researchers and offers security advisories for standard products. Solution-specific vulnerability advisories are also offered on a contractual basis.
Industry regulation and standardization are only successful if they are based on multilateral cooperation. Siemens Mobility supports the use of international industrial security standards in the railway domain and is supporting the CEN/CENELEC Working Group 26 on its way to a Technical Standard TS50701 (Cybersecurity in the Railway System).
The Charter of Trust is an important nucleus for further joint initiatives to promptly implement the above 10 principles. Siemens Mobility supports the UNIFE Cybersecurity Working Group, which serves as a platform for members to discuss and identify opportunities for cooperation on cybersecurity issues in the European rail sector.
A strong alliance
We take our responsibility for cybersecurity well beyond the boundaries of our own organization, because approaches to cyber threats do not end there. To make the digital world more secure, we have joined forces with leading companies from around the globe to form the Charter of Trust. This cooperation is already showing the first signs of success and has ambitious goals for the future. Stay updated on this global cybersecurity initiative by following our activities here.