Put safety at the heart of your railway operations
IT security is a new and evolving field for railway applications such as electric signalling systems. Security risks can only be mitigated if manufacturers, operators and system integrators assume responsibility for security. That said, these stakeholders cannot simply adopt security measures and solutions from the office IT environment without changes. At the same time, security measures must address performance requirements without disrupting safety functions.
Testing services for IT security within the railway industry provide manufacturers and operators various benefits:
TÜV SÜD combines expertise in safety and industrial IT security with process knowledge in a wide range of industries and critical infrastructures. Our highly-trained experts have extensive experience of railway-specific systems and can draw upon this knowledge to determine which risks are relevant to your business.
From the onset, our IT security experts are able to provide comprehensive assessments to verify your security objectives and identify risks, vulnerabilities and potential damages of your railway-specific system. We recommend important protection measures that should be implemented and provide a prioritised list of security measures and an action plan to mitigate vulnerabilities, risks and on conformities identified by our security analysis.
The assessment and testing services related to IT security for railway applications are based on the IEC 62443-4-1, IEC 62443-3-2, IEC 62443-3-3 and EN 50159 standards, and the pre-norm DIN VDE V 0831-104. As one of the first providers in this field, TÜV SÜD offers testing services that encompass IT security management, risk analysis, security testing (penetration and robustness tests) and process analysis. This approach helps to identify risks for the railway application and results in an action plan with steps to reduce risks. Technical checks on IT components and systems are also conducted. Upon request, we can perform a conformity check against internal security documents or relevant standards such as IEC 62443 or DIN VDE V 0831-10X.