IT Security is a new and evolving field for railway applications like electric signalling systems. Security risks can only be covered if manufacturers, operators and system integrators take their responsibilities for security. Nevertheless one has to keep in mind that security measures and solutions from the office IT space cannot simply be adopted without any changes. At the same time, security measures must address performance requirements without disrupting safety functions.
TÜV SÜD is one of the first providers offering consulting in favor of IT security for electric signalling systems. The consulting is based on the IEC 62443-4-1, IEC 62443-3-2, IEC 62443-3-3, EN 50159 standard and the pre-norm DIN VDE V 0831-104. For instance, TÜV SÜD´s risk analysis combines a generic methodology with different railway-specific threat scenarios, damage classes, probabilities of occurrence or so-called security levels. This approach helps to identify risks for the electric signalling environment and results in an action plan with steps to reduce risks. We also perform technical checks on IT components and systems. Upon request, we will conduct a conformity check against internal security documents or relevant standards such as IEC 62443 or DIN VDE V 0831-10X.
Our service will support you in understanding critical interfaces and determining the actual security level of your railway application, system or device. All identified vulnerabilities are assessed and documented. We also identify non-conformities with relevant security standards as well as weaknesses in processes and provide a prioritized action plan. This enables you to communicate risks to management, define appropriate protective measures and recognise the residual risk. You will be able to protect against safety hazards, downtime and financial damage caused by cyber attacks.
From the onset, our IT security experts are able to provide comprehensive advice and guidance to define security objectives, identifying risks, vulnerabilities and potential damages of your railway-specific system. We recommend important protection measures that should be implemented. Furthermore we provide a prioritised list of security measures and an action plan for you to mitigate the vulnerabilities, risks and non-conformities which had been identified by our security analysis. Our experts support you in maintaining your productivity and competitiveness in your market share by improving your security against cyber attacks.