Cybersecurity Assessment for Railway Applications

Cybersecurity is a new and evolving field for railway applications such as electric signaling systems

Security risks can only be mitigated if manufacturers, operators and system integrators assume responsibility for security. That said, these stakeholders cannot simply adopt security measures and solutions from the office IT environment without changes. At the same time, security measures must address performance requirements without disrupting safety functions.

Testing services for IT security within the railway industry provide manufacturers and operators various benefits:

• Verify the security of your railway-specific system or device thoroughly and understand critical interfaces and determine the actual security status of your railway application
• Minimize risks by identifying non-conformities with relevant security standards as well as weaknesses in processes
• Save time and money with a prioritized list of security measures that helps you focus your resources on overcoming vulnerabilities, which have been identified during inspection
• Communicate risks to management clearly, define appropriate protective measures and recognize the residual risk
• Protect your products and systems against safety hazards, downtime and financial damage caused by cyber attacks

We protect your rail applications against Cyber threats

TÜV SÜD combines expertise in safety and industrial IT security with process knowledge in a wide range of industries and critical infrastructures. Our highly-trained experts have extensive experience of railway-specific systems and can draw upon this knowledge to determine which risks are relevant to your business.

From the onset, our IT security experts are able to provide comprehensive assessments to verify your security objectives and identify risks, vulnerabilities and potential damages of your railway-specific system. We recommend important protection measures that should be implemented and provide a prioritized list of security measures and an action plan to mitigate vulnerabilities, risks and on conformities identified by our security analysis.

4 Steps to improve Cybersecurity:

• Set goal, scale and definition of the object of investigation.
  • Supply relevant documents.
• Examine documents and notes.
  • Prepare on-site checks, risk analysis and security testing.
• Conduct procedural assessments, technical checks and/or security tests.
  • Review Identified security findings.
• Describe and evaluate the identified security vulnerabilities and risks.
  • Recommend countermeasures.
  • Compile and review the assessment report including a management summary.

our IT Security testing Services for Railway Applications

The assessment and testing services related to IT security for railway applications are based on the IEC 62443-4-1, IEC 62443-3-2, IEC 62443-3-3 and EN 50159 standards, and the pre-norm DIN VDE V 0831-104. As one of the first providers in this field, TÜV SÜD offers testing services that encompass IT security management, risk analysis, security testing (penetration and robustness tests) and process analysis. This approach helps to identify risks for the railway application and results in an action plan with steps to reduce risks. Technical checks on IT components and systems are also conducted. Upon request, we can perform a conformity check against internal security documents or relevant standards such as IEC 62443 or DIN VDE V 0831-10X.

• Security testing

  This encompasses penetration and robustness testing that serves as a benchmark for the actual security level of your product or system.

• Threat and risk analysis

  By adopting a risk analysis methodology (e.g. based on DIN VDE V 0831-104) for your railway-specific system, safety requirements are considered. As threats differ considerably by railway applications, this approach helps to identify risks for your railway application and results in an action plan to reduce risk.

• Process analysis

  Our experts identify weaknesses within certain processes such as change management, key management and security incident handling.

• IT security management

  IT security management is essential to achieve sustainability. We support you in assessing security organizations, security documentation and supporting processes like user and rights management.

• Cost/benefit presentation

  Whenever possible, our services include calculation of costs in comparison to the reduction of risks, providing a clear basis for decision-making.   

Contact Us