On the right track: Comprehensive cyber security solutions for railway technology

Connected systems offer growing attack surfaces

Increasing connectivity, digitalization and standardization mean that rail transport is increasingly vulnerable to attacks. A holistic security strategy is crucial to identify and secure points of attack such as interfaces (e.g. radio or network connections) and human error.

The regulators have also recognized this. Operators of rail systems are now facing new requirements resulting from the EU NIS 2 regulation and the “Sektorleitlinie” of the German Federal Railway Authority (EBA), for example. In future, manufacturers, suppliers and importers of products with digital components, in particular system houses and component manufacturers of rail applications, will also have to comply with the Cyber Resilience Act (CRA). The CRA sets out clear requirements, including a secure engineering process, comprehensible instructions, machine-readable Software Bill of Materials (SBOMs), vulnerability management over the entire life cycle and risk analyses. Standards such as CLC/TS 50701 and the IEC 62443 series provide practical guidance for implementation. 

Early preparation is crucial for comprehensive cyber security, as NIS 2 will be transposed into national law as early as October 2024 and the CRA is expected to be adopted in 2024 before becoming mandatory in 2027. Non-compliance can lead to severe penalties and even product recalls.

Ensuring effective cyber security requires both cyber security mechanisms in the product and organizational measures at company level. Our team offers comprehensive support from strategy and process consulting to engineering in specific projects. As a cyber security development partner, we support our customers effectively throughout the entire development process with our in-depth knowledge and ensure the holistic integration of cyber security into their products and processes.