Dr. Tobias Hofbaur
Railway technology
The potential for attacks is increasing and regulatory pressure in the railway industry is growing. We support our customers in meeting existing and upcoming legislative and regulatory requirements such as the EU Cyber Resilience Act (CRA) and the EU Network and Information Security Directive (NIS2).
Growing connectivity, digitalization and standardization make rail transport increasingly vulnerable to attacks. A holistic security strategy is crucial to identify and secure points of attack, such as interfaces (e.g. radio or network connections), and to account for human error.
The regulators have also recognized this. Operators of rail systems are now facing new requirements resulting from the EU NIS2 Directive and the “Sektorleitlinie” of the German Federal Railway Authority (EBA), for example. In future, manufacturers, suppliers and importers of products with digital components, in particular system houses and component manufacturers of rail applications, will also have to comply with the Cyber Resilience Act (CRA). The CRA sets out clear requirements, including a secure engineering process, comprehensible instructions, machine-readable Software Bills of Materials (SBOMs), vulnerability management and risk analyses over the entire life cycle. Standards such as CLC/TS 50701 and the IEC 62443 series provide practical guidance for implementation.
Ensuring effective cyber security requires both cyber security mechanisms in the product and organizational measures at company level. Our team offers comprehensive support from strategy and process consulting to engineering in specific projects. As a cyber security development partner, we support our customers effectively throughout the entire development process with our in-depth knowledge and ensure the holistic integration of cyber security into their products and processes.
As rail applications are largely individual, it is crucial to ensure cyber security in a targeted and pragmatic manner. My recommendation is therefore to carry out a compact two-part inventory in the form of a gap analysis and a risk analysis. All further steps can be derived and prioritized from this.
Dr. David Seider, Lead Engineer Rail