Rolling stock cyber-security is certified for Siemens Mobility

The Rolling Stock business unit at Siemens Mobility has been certified by Germany’s TÜV SÜD for meeting the international IT security standard IEC 62443.

The certification proves that the train control and IT systems in the company’s high-speed trains, regional trains, metros, trams, locomotives, components, and rail solutions are adequately protected against cyber-attacks.

For the past five years, the development of rolling stock at Siemens Mobility has been subject to a stringent risk-based approach to IT security in which individual risks are identified for each project, and adequate, tailored security measures are taken. This rigorous IT security process has already been used by the company in over one hundred projects.

The German IT Security Act, which has been in force since July 2015, along with the Kritis Regulation of 2016 and other legislative initiatives like the European Cybersecurity Act also require corresponding protective measures from the rail industry.

Siemens Mobility has adopted a holistic approach to IT security that embraces the entire supply chain. Various control and guidance systems as well as public and in-house information technologies are included, such as train control systems with safety-critical and non-safety-critical IT systems, train operator systems, passenger information systems, passenger internet, and cloud-based interfaces between trains and the Network Operation Centre. It is this approach, they state, that has resulted in the worldwide largest IEC 62443 certification to date.

“With the certification, we give our customers and authorities a guarantee that the IT of trains and rail solutions are protected against disruptions and cyber-attacks and respond to the legal requirements. Cyber-security is a fundamental prerequisite for ensuring the availability of trains,” commented Sabrina Soussan, CEO of Siemens Mobility.