IT security is a new and evolving field for railway applications such as electric signalling systems. Security risks can only be mitigated if manufacturers, operators and system integrators assume responsibility for security. That said, these stakeholders cannot simply adopt security measures and solutions from the office IT environment without changes. At the same time, security measures must address performance requirements without disrupting safety functions.
What services does IT security for railway applications include?
The services related to IT security for railway applications are based on the IEC 62443-4-1, IEC 62443-3-2, IEC 62443-3-3 and EN 50159 standards, and the pre-norm DIN VDE V 0831-104. As one of the first providers in this field, TÜV SÜD offers services that encompass IT security management, risk analysis, security testing (penetration and robustness tests) and process analysis. This approach helps to identify risks for the railway application and results in an action plan with steps to reduce risks. Technical checks on IT components and systems are also conducted. Upon request, we can perform a conformity check against internal security documents or relevant standards such as IEC 62443 or DIN VDE V 0831-10X.
Why are these services important to your business?
Our experts analyse the security of your railway-specific system or device. This will assist you in understanding critical interfaces and determining the actual security status of your railway application. All identified vulnerabilities are assessed and documented. We also identify non-conformities with relevant security standards as well as weaknesses in processes and provide a prioritised action plan. This enables you to communicate risks to management, define appropriate protective measures and recognise the residual risk. In addition, you will be able to protect against safety hazards, downtime and financial damage caused by cyber attacks.
How can we help you?
From the outset, our IT security experts are able to provide comprehensive advice and guidance to define security objectives and identify the risks, vulnerabilities and potential damages of your railway-specific system. We recommend important protection measures that should be implemented and provide a prioritised list of security measures and an action plan to mitigate the vulnerabilities, risks and non-conformities identified by our security analysis.
Our services for railway security at a glance
We support you with a comprehensive portfolio of services:
- Security testing
This encompasses penetration and robustness testing that serves as a benchmark for the actual security level of your product or system.
- Threat and risk analysis
By adopting a risk analysis methodology (e.g. based on DIN VDE V 0831-104) for your railway-specific system, safety requirements are considered. As threats differ considerably by railway application, this approach helps to identify risks for your railway application and results in an action plan to reduce risk.
- Process analysis
Our experts identify weaknesses within certain processes such as change management, key management and security incident handling.
- IT security management
IT security management is essential to achieve sustainability. We support you in establishing security organisations, security documentation and supporting processes like user and rights management.
- Cost/benefit presentation
Whenever possible, our services include calculation of costs in comparison to the reduction of risks, providing a clear basis for decision-making.