The Rolling Stock business unit at Siemens Mobility has been certified by Germany’s TÜV SÜD for meeting the international IT security standard IEC 62443. The certification proves that the train control and IT systems in the company’s high-speed trains, regional trains, metros, trams, locomotives, components, and rail solutions are adequately protected against cyber attacks.
“With the certification, we give our customers and authorities a guarantee that the IT of trains and rail solutions are in particular protected against disruptions and cyber attacks and respond to the legal requirements. Cybersecurity is a fundamental prerequisite for ensuring the availability of trains,” said Sabrina Soussan, CEO of Siemens Mobility.
For the past five years, the development of rolling stock at Siemens Mobility has been subject to a stringent risk-based approach to IT security in which individual risks are identified for each project, and adequate, tailored security measures are taken. This IT security process has already been used by the company in over one hundred projects. The German IT Security Act, which has been in force since July 2015, along with the Kritis Regulation of 2016 and other legislative initiatives like the European Cybersecurity Act also require corresponding protective measures from the rail industry.
Siemens Mobility pursues a holistic approach to IT security that embraces the entire supply chain. Various control and guidance systems as well as public and in-house information technologies are included, such as train control systems with safety-critical and non-safety-critical IT systems, train operator systems, passenger information systems, passenger internet, and cloud-based interfaces between trains and the Network Operation Center.