IT Systems and IT Security

Consulting IT Security

Advice on and implementation of relevant security standards such as IEC 62443, CLC TS 50701, NIS2 and ISO/IEC 27001
Advice on setting up an information security management system (ISMS) based on IT baseline protection (German BSI "Grundschutz-Kompendium")
Optimisation of the security architecture of the basic infrastructure, for example using the Zero Trust model
Risk assessment for systems and applications (e.g. analysis and assessment of train-to-ground communication)
Definition of security measures to protect functions in railway IT systems against attacks
Promoting security awareness and skills among staff through targeted training and awareness programs
Conducting threat and risk analyses to identify and assess security risks in system architectures

IoT, OT & Product Security

Conducting threat assessments and defining risk management measures for IoT devices and industrial products
Advising on the implementation of security measures for operational technologies (OT) in industrial environments
Support in the implementation of security measures for industrial control systems, including compliance with relevant standards such as IEC 62443
Advice on national and international regulatory requirements and standards to ensure the security and compliance of IoT and OT systems
Developing and recommending preventive measures to ensure the resilience of IoT and OT products against cyber threats
Support in handling IT security incidents, including incident response and digital forensics to quickly identify and resolve vulnerabilities
Assistance with the implementation of ISO 27001 and the establishment and maintenance of an information security management system (ISMS) in industrial and IoT environments

Security Testing

Rail vehicle security analyses to determine and validate the security level (SL) in accordance with IEC 62443
Security consulting and training for railway developers, operators and decision makers
Conducting OSINT analysis to determine the current public attack surface
Scenario-based testing through realistic simulation of cyber-attacks
Testing resilience to attacks on availability through DoS simulation
Assessment of employee awareness through targeted phishing simulations
Red-teaming simulations to assess the resilience of the organisation and its responses

Penetration Testing

Performing penetration tests to identify security vulnerabilities in products and systems, including traditional IT infrastructures
Penetration testing of the IT infrastructure of rail vehicles and railway systems to ensure the integrity and availability of the systems
Pentests of the IT infrastructure of vehicles and track facilities
Conducting security checks for web applications and APIs to identify and guard against potential vulnerabilities
Penetration testing of mobile and desktop applications to identify vulnerabilities that could compromise sensitive data and systems
Industrial systems security checks to identify and remediate vulnerabilities in the OT infrastructure
Definition of specific measures and recommendations to address identified vulnerabilities in IoT and OT products