TÜV SÜD awarded Siemens Mobility’s Rolling Stock business unit the certificate for meeting the international IT security standard IEC 62443, which proves that the train control and IT systems in the company’s vehicles, components, and rail solutions, are adequately protected against cyberattacks.
For the past five years, the development of rolling stock at Siemens Mobility has been subject to a stringent risk-based approach to IT security in which individual risks are identified for each project, and adequate, tailored security measures are taken.
This rigorous IT security process has already been used by the company in over 100 projects. The German IT Security Act, which has been in force since July 2015, along with the Kritis Regulation of 2016 and other legislative initiatives like the European Cybersecurity Act also require corresponding protective measures from the rail industry.
Siemens Mobility uses various control and guidance systems as well as public and in-house information technologies, such as train control systems with safety-critical and non-safety-critical IT systems, train operator systems, passenger information systems, passenger internet, and cloud-based interfaces between trains and the Network Operation Center.
“With the certification, we give our customers and authorities a guarantee that the IT of trains and rail solutions are in particular protected against disruptions and cyberattacks and respond to the legal requirements. Cybersecurity is a fundamental prerequisite for ensuring the availability of trains,” Sabrina Soussan, CEO of Siemens Mobility, said.