“With the certification, we give our customers and authorities a guarantee that the IT of trains and rail solutions is in particular protected against disruptions and cyberattacks and responds to the legal requirements. Cybersecurity is a fundamental prerequisite for ensuring the availability of trains,” said Sabrina Soussan, CEO of Siemens Mobility.
For the past five years, the development of rolling stock at Siemens Mobility has been subject to a stringent risk-based approach to IT security in which individual risks are identified for each project, and adequate, tailored security measures are taken. This rigorous IT security process has already been used by the company in over one hundred projects. The German IT Security Act, which has been in force since July 2015, along with the Kritis Regulation of 2016 and other legislative initiatives like the European Cybersecurity Act also require corresponding protective measures from the rail industry.
Siemens Mobility pursues a holistic approach to IT security that embraces the entire supply chain. Various control and guidance systems as well as public and in-house information technologies are included, such as train control systems with safety-critical and non-safety-critical IT systems, train operator systems, passenger information systems, passenger internet, and cloud-based interfaces between trains and the Network Operation Center. This approach resulted in the largest scope worldwide that has ever received an IEC 62443 certification.