Due to the increasing use of software and IT solutions in rail digitalization projects, Siemens Mobility has acquired significant and practical experience in cybersecurity, both as a service partner for global rail operators and as a system provider. Digitalization brings many advantages, but it also raises the need for industry-wide awareness and guidance on how to securely protect both, legacy and new systems. In this white paper, Siemens Mobility shares these experiences in the form of best practices in managing regulatory challenges and in effectively applying security measures and processes throughout a rail system’s life cycle.
The paper will begin with a quick review of the business drivers, followed by security controls that should be implemented in each of the NIST CSF-phases listed below:
- IDENTIFY risks and vulnerabilities
- PROTECT critical systems and reduce risks
- DETECT anomalies and changes
- RESPOND to cyber events
- RECOVER back to the normal state