German technology supplier Siemens Mobility has confirmed the cybersecurity of its Rolling Stock business unit for meeting the international IT security standard IEC 62443. It means that the train control and IT systems in the company’s high-speed trains, regional trains, metros, trams, locomotives, components, and rail solutions are adequately protected against cyberattacks.

The certificate was provided by the German certification body TÜV SÜD. It is a new stage in the cybersecurity policy of Siemens Mobility. “With the certification, we give our customers and authorities a guarantee that the IT of trains and rail solutions are, in particular, protected against disruptions and cyberattacks and respond to the legal requirements. Cybersecurity is a fundamental prerequisite for ensuring the availability of trains,” said Sabrina Soussan, CEO of Siemens Mobility.

Risk-based approach

For the past five years, Siemens Mobility was developing the rolling stock using a stringent risk-based approach to IT security in accordance with the German IT Security Act (effective since July 2015), the Kritis Regulation of 2016 and other legislative initiatives such as the European Cybersecurity Act. During this period, the manufacturer has identified individual risks and provided protection with tailored security measures for each particular project. Such practice has been used by Siemens Mobility in over one hundred projects.

Cybersecurity will be discussed during the Intelligent Rail Summit 2019. The event will take place in Paris, France, from 19 to 21 November. Its programme can be found here.