Skip to main content

Cybersecurity Awareness

Project tasks

  • PROSE presentation on the current state of the railway industry
  • PROSE presentation on the future development of the railway industry
  • In-depth discussion on TS 50701, security vs. safety and discussion on standards
  • Interactive brainstorming on the gap analysis
  • Consolidation of the results of the gap analysis and prioritisation
  • Analysis of the customer’s security documentation
  • Summary and definition of the next steps and goal

Our approach

The digital transformation of the rail industry is accelerating at an unprecedented pace. With increasing connectivity comes the urgent need to improve cybersecurity frameworks to ensure resilience against evolving threats. A recent industry workshop highlighted key findings on the current state of cybersecurity in railway systems and the expected regulatory changes that will shape the future.

Security in the railway sector has traditionally focused on protecting people and machines. However, cybersecurity has now become a critical factor in protecting IT systems, infrastructure and sensitive data. Despite their relevance, many existing railway standards provide only limited guidance on cybersecurity. Important standards such as EN 50126, EN 50716 and EN 50129 recognise security concerns but do not provide concrete measures. The IEC 62443 series, which emerged in the 2010s, has become a fundamental security framework, but its full integration into railway systems is still a work in progress.

A key challenge in cybersecurity is the human factor. Unclear role definitions in projects can lead to security risks – for example, through software updates that are implemented without sufficient validation and can compromise critical systems. Clear role definitions and structured safety processes are necessary to minimise such risks.

The future of railway safety will be shaped by new guidelines and harmonised standards designed to close existing safety gaps. Several regulatory developments will redefine safety requirements in the sector. The NIS 2 Directive obliges operators of critical infrastructure, including the railway industry, to take comprehensive cybersecurity measures. Companies in the supply chain will also have to prove their compliance in future.

The Cyber Resilience Act (CRA) places strict security requirements on manufacturers and suppliers of digital products, including railway technology. IEC 63452 is expected to become a global benchmark for cybersecurity in railway systems and combines elements from IEC 62443 and TS 50701 to create a standardised security framework. In addition, there is a trend towards common cybersecurity services – for example in the areas of authentication, logging and network security to ensure standardised protective measures for critical rail systems.

Customer benefit

Railway operators, manufacturers and suppliers must proactively adapt to these new regulations. Key recommendations include:

  • Identification and inventory of all assets (especially SW)
  • Conducting cybersecurity risk assessments to identify vulnerabilities
  • Establish clear security requirements for suppliers and ensure compliance throughout the value chain
  • Implementing security-by-design principles in the development of new products
  • Strengthen security incident response capabilities to effectively manage threats

By taking a proactive approach, the industry can ensure the safety, reliability and resilience of railway systems in an increasingly connected world.

  

Investigation on European EMU brake systems

Customer: leading international brake equipment manufacturer

Project tasks

  • Project management
  • Requirements capture
  • Concept development
  • System integration

Our approach

The project aimed to assist a leading international brake equipment manufacturer in navigating the complex landscape of European brake system regulations, generic design principles, and requirements for brake certification. The primary challenge was to provide the manufacturer with a consistent and clear understanding of these regulations to facilitate the development and certification of their brake systems for the European market. This support was crucial for ensuring compliance with stringent European safety standards and improving the manufacturer’s competitive edge in the international market.

Based on publicly available information and own experiences, PROSE provided a comprehensive investigation report with following main chapters:

  • European and American design philosophy and safety principles for emergency braking in EMU
  • Brake performance of current EMU train designs in Europe
  • Redundancy on emergency braking command and functions
  • Emergency Braking according EN 16185-1 and EN 15734-1
  • Brake system requirements for EMUs according to European TSI regulations
  • Brake system control signal according to EN 15611:2020

Customer benefit

As a result of this project, PROSE’s customer obtained an in-depth and detailed understanding of the general requirements and best practices associated with European EMU brake design. This comprehensive insight enabled the manufacturer to align their products with European standards, thereby enhancing their ability to meet certification requirements. Additionally, the detailed investigation report served as a valuable reference for the customer’s engineering and design teams, facilitating informed decision-making and innovation in brake system design. Overall, the project significantly boosted the customer’s capability to produce compliant, reliable, and competitive brake systems for the European rail market.

 

      

Design and authorisation strategy for a rail-bound maintenance machine

Customer: SCHÖMA, Germany

Project tasks

  • Vehicle authorisation strategy
  • Design assurance (Systems Engineering)
  • Concept development
  • Technical evaluation of offers and technical coordination with suppliers
  • Project management

Our approach

SCHÖMA plans to develop a proven, powered, three-part rail-bound maintenance machine with cab, loading platform and crane called HERO. SCHÖMA needs support in developing the authorisation strategy to fulfil the EN 14033 standards and in defining the design process including verification and validation.

PROSE developed the decision-making basis for the authorisation process enabling a defined combination of the three vehicles of the working machine to be approved and the verifications and evidence according to EN 14033 to be provided. PROSE also supported SCHÖMA in the budget planning phase of the development of the HERO work machine in the evaluation of supplier offers for systems and components such as the power train, braking system, power generation, train protection (ETCS) and heating, ventilation and air conditioning (HVAC). In addition, PROSE defined the design phases and the design assurance process according to the systems engineering methodology to ensure a defined and structured design process.

Customer benefit

PROSE has structured and optimised SCHÖMA’s development process by systematically applying the system engineering methodology. This approach has not only minimised development risks associated with costs and timelines but has crucially enhanced the predictability and likelihood of obtaining the necessary authorisation.

 

          

General Contract of Use for freight wagons (GCU) in Railway Undertakings (RU)

Customer: SBB Cargo, Switzerland

Project tasks

  • Analyse the current state, identify weaknesses and strengths, and document responsibilities and workflows
  • Develop a target model with clear responsibilities, efficient processes, and the use of new digital tools such as the GCU-Broker
  • Implement the new processes, including employee training and the establishment of overarching responsibility for GCU

Our Approach

The project to optimise the GCU (General Contract of Use for freight wagons) tasks within SBB Cargo’s RU (Railway Undertaking) role addressed the growing demands of European freight transport and the increasing expectations for legal and process compliance. The primary goal was to establish a clear and robust organisation of responsibilities within the RU role, meeting both the requirements of the GCU and relevant EU regulations. This realignment was achieved through a systematic review of existing processes and structures. Key challenges included the precise delineation of roles between the railway undertaking and the wagon keeper, as defined by the GCU provisions. In particular, the requirements arising from oversight by the Swiss Federal Office of Transport (FOT) necessitated reorganisation, as unclear responsibilities had previously hindered audit outcomes.

Additionally, action was required for key operational processes such as the re-commissioning of freight wagons after repairs, the verification of GCU-compliant wagons within train formations, and the retrieval of technical wagon data from third-party keepers. These areas are critical for ensuring safety and quality standards. At the same time, the entire scope of GCU tasks is subject to increasing regulation, which will be further intensified by the BAV (Federal Office of Transport in Switzerland) from 2026 onwards. To meet these demands, SBB Cargo’s internal processes must not only become more efficient but also legally sound.

The project was implemented in multiple phases. In the first phase, the current state of GCU tasks was documented, and key strengths and weaknesses were identified. This analysis was completed by May 2024. Building on this, by August 2024, a target process was developed that defines clear responsibilities, optimises existing workflows and incorporates digital solutions such as the GCU-Broker. This tool is intended to replace the manual processing of damage reports, thereby modernising data exchange. Starting in January 2025, the target process will be implemented, with a focus on appointing a central overall responsibility for GCU tasks, covering both strategic and operational duties. The project team included PROSE internal experts and external consultants from BAHNVERSTAND, who provided methodological support and strategic recommendations.

Customer benefit

​The implementation of the project delivers significant benefits for customers through more efficient and reliable handling of GCU tasks. Clear responsibilities and improved processes reduce delays and enhance legal certainty in operations. The integration of digital solutions, such as the GCU-Broker, lowers administrative costs and accelerates data exchange. Furthermore, compliance with new legal requirements, particularly EU and FOT regulations, ensures long-term legal security and minimises liability risks. Overall, the project strengthens SBB Cargo’s position in the European freight transport market and ensures sustainable future viability.

 

Program Management ATO Sector Program

Customer: BLS Netz AG, Dr. Florian Kappler, Switzerland

Project tasks

  • Program Management
  • Project Planning
  • Coordination among all Swiss ATO projects
  • Leading the marketing team to develop and maintain the ATO website
  • Quarterly reporting to the steering board (railway undertakings, infrastructure managers and industry)
  • Coordination with stakeholders, such as the national authority BAV, as well as the industry
  • Supporting specific ATO projects with technical-, operational- and business advisory

Our Approach

In May 2022, the Federal Office of Transport called on the rail sector to align and better coordinate future ATO activities within the Swiss rail sector.

PROSE was commissioned to manage the programme for all Swiss ATO projects. In close cooperation with the ATO core team, PROSE established regular monthly exchanges and jointly identified and developed central cross-cutting topics.

In addition, PROSE also led the communication team and worked with this team to develop and maintain the ATO industry website (https://voev.ch/ato). Furthermore, PROSE initiated an ATO-related conference day that invited and actively involved the industry in ATO developments.

Customer benefit

With PROSE as a partner, the customer benefits from comprehensive expertise in the areas of on-board signalling, ETCS and ATO, both on the line and on the vehicle side. An entrepreneurial approach, in-depth technical knowledge and market knowledge are essential for a successful programme design in the first year.

The customer does not need to develop its own project-specific management resources, as PROSE, as an independent consultant, coordinates the related interests of all project managers.

 

   

Vehicle Authorisation

Customer: various customers

Project tasks

  • Carrying out requirements capture and preparing the safety evaluation, including risk analysis
  • Preparation and management of evidence documents
  • Cooperation and coordination of NoBo, DeBo and AsBo
  • Support in preparing several declarations and dealing with online registers like ERATV or ERADIS
  • Management of the change notification to the ERA or national safety authorities like EBA for changes not requiring an authorisation
  • Management of authorisation applications via One Stop Shop to the ERA for changes requiring authorisation
  • Coordination with the ERA and national safety authority

Our Approach

Vehicle operators or leasing companies make changes to their vehicles for very different reasons, e.g. for obsolescence reasons or to offer passengers a better service by customising the interior and adding features such as sockets or WLAN. In addition to providing engineering services, PROSE supports such projects by taking over the entire approval management process, including communication with all the bodies and authorities involved.

The authorisation process ensures safe rail transport and the best possible interoperability throughout the EU. However, implementing changes to rolling stock presents a significant challenge to operators, keepers, and owners.

At PROSE, we recognise that each railway vehicle is unique. Our team of experts develops vehicle authorisation strategies that address the specific challenges of our customer’s products and needs. From Requirements Capture to One Stop Shop, our experts have the knowledge to guide you through the process. Whether you only need assistance with a single task or are looking for a complete solution, we can provide solutions to meet your particular requirements.

Customer benefit

Modernisations and retrofits guarantee enhanced reliability and superior passenger comfort and open up new applications by integrating new systems. Whilst operators and workshops can focus on their primary tasks, PROSE can handle all the “paperwork” from the engineering and the preparation of evidence documents to the assessment and authorisation phases with bodies and authorities involved. Due to our comprehensive service portfolio, we help reduce interfaces and effort because all services are coordinated and come from a single source.

PROSE ensures that our customers’ railway vehicles comply with the latest standards and regulations. From document preparation to submission, we make sure that vehicle approval hurdles don’t derail your success.

 

      

ECM consulting & support

Customer: various customers

Project tasks

  • Kick-off workshop / training
  • Creating a mapping table
  • Gap analysisand elaboration of suggestions for improvement
  • Advice, suggestions, support on specific topics (as required)
  • Review of documents (e.g. process descriptions, procedural instructions, forms, etc.)
  • Suggestions for improvement

Our Approach

​The customer is supported in understanding and implementing the ECM requirements, whereby a gap analysis determines the maturity level of the maintenance organisation. Basic training on ECM topics can be offered in advance. In the trial audit, documents are checked, weaknesses are identified, and assistance is provided to rectify them. The certification audit starts with a Stage I audit, after which PROSE offers support in implementing the auditor’s comments. PROSE can also inspect the customer’s workshop and identify potential weaknesses before the audit.

Customer benefit

The customer is accompanied on the path to successful certification of ECM functions in accordance with Regulation (EU) 2019/779. The organisation’s existing knowledge on these topics is brought up to date. The organisation is enabled to meet the requirements and pass the audit with the certification body.

Moreover, support in the daily ECM challenges regarding:

  • Risk management according to CSM-RA
  • Competence management
  • Documentation process
  • Supplier management
  • Audit plan
  • Definition of Safety Critical Components according to Article 4
  • Interface definition and information flow between the functions
  • Independent delta assessment in order to improve the internal procedures and processes

Why support by PROSE? For saving time and money by becoming more efficient and due to lack of know-how.

 

      

Digitalisation Maintenance Instructions

Customer: SBB Historic, Switzerland

Project tasks

  • Research: Review of the old maintenance regulations for each vehicle
  • Expert interviews: Ensuring the transfer of expertise to supplement/correct the old maintenance regulations
  • Documentation: Creation of maintenance plans for each vehicle
  • Release: Incorporation of customer feedback and internal release of the maintenance plan

Our Approach

PROSE supports the client in creating maintenance plans for the first 14 traction units and 3-4 coach fleets. These can only be partially derived from old regulations and thus completed and adapted accordingly and transferred to a digitalised maintenance concept. A significant proportion of the maintenance work is carried out voluntarily by associations. This particular situation must be taken into account in the concept development. PROSE also provides relevant support for introducing the ZEDAS maintenance software on the customer side.

Customer benefit

The client receives a digitalised, standardised and consistent maintenance plan landscape for the vehicles to ensure the safe, standard-compliant and efficient planning and implementation of maintenance measures using in-house, association and external services.

The logic and conceptual design of the maintenance plans, regardless of whether they relate to steam locomotives, electric locomotives or multiple units, will be aligned accordingly, thus creating content, processes and documentation specifications that are much easier to understand and can also be communicated to volunteer maintenance staff to ensure safe rail operations.

The implementation already considers European standards for safe maintenance and their functional allocation in the organisational development. This will ensure a gradual expansion of the client’s maintenance services towards a modern, digital maintenance organisation.

   

Vehicle procurement – Manufacturing Supervision, Quality Control and Factory Tests

Customer: various customer

Project tasks

  • Acceptance of the welded car bodies / bogie frames
  • Paint inspection and acceptance
  • Intermediate acceptance of main electrical components
  • Intermediate acceptance of interior fittings
  • Factory acceptance/customer acceptance

Our Approach

By regular participation in the vehicle acceptance tests and constant coordination with the team of the vehicle manufacturer, PROSE checks the quality of the production. The customer is permanently kept up to date by the acceptance team regarding the progress of the production as well as possible complications or deadline postponements. He immediately receives the results of the production controls and acceptances and can follow up changes, modifications etc.

The dates for the acceptance of components, intermediate assembly stands and vehicles ready for delivery follow the production plan but are also handled operationally and flexibly in order to be able to react to specific occasions. In this way, control of the construction process is always ensured and there is the possibility of intervention in the event of difficulties such as quality slumps, scheduling, supply, or capacity problems.

Customer benefit

With manufacturing supervision, the manufacturer’s quality assurance process is checked and monitored in addition to the product quality, because every vehicle has gone through this process before it is presented for factory acceptance. Continuous construction supervision ensures consistent quality at a high level.

      

Specifications for emission-free power supply for construction sites

Customer: SBB AG, Switzerland

Project tasks

  • Review and evaluation of the requirements from the specification sheet
  • Discussion and agreement of the commented requirements in a workshop
  • Identification of the requirements that require a risk assessment
  • Creation of a risk assessment
  • Transfer of the requirements into a requirements management system (ReqSuite®)
  • Individual assessment and binding of the requirements

Our Approach

PROSE has drawn up a questionnaire based on these specifications in the sense of “Does a manufacturer have sufficient information? Are the requirements sufficient for the product to be used by SBB”. PROSE checked and evaluated the requirements from the existing specification. The annotated requirements specification was discussed and agreed upon together in a workshop and the requirements requiring a risk assessment were identified. Subsequently, a risk assessment was prepared. The requirements were transferred from the developed basis into a requirements management system (ReqSuite®). The requirements were evaluated individually and given a binding nature in order to evaluate offers received in the subsequent call for tenders.

The requirements specification was then converted into a format that SBB could import into its requirements management system (Polarion®).

Customer benefit

The client received a specification sheet with comments and a supporting questionnaire that allowed him to formulate the requirements more precisely and comprehensibly. Testing, evaluation and identification of requirements that require risk consideration contribute to quality assurance and minimise potential risks in the project. The risk consideration and the binding nature of the requirements enable better preparation for the tender, which improves the quality of the incoming offers. The conversion of the requirements specification into a compatible format for SBB’s requirements management system ensures a smooth integration and use of the requirements by the customer.

 

Support with Assembly Line Layout – PRIMA Mid-Life Overhaul

Customer: AKIEM, France

Project tasks

  • Project Management
  • Concept & Development
  • Workshop Layout
  • Industrial engineering of mid-life overhaul of railway equipment

Our Approach

Akiem decided to transfer production to an industrial partner during the construction and commissioning of Akiem Technik’s site in Ostricourt as part of the PRIMA Mid-Life Overhaul (MLO) project. It is important that Akiem has an efficient industrial production facility in order to be able to ramp up production of mid-life operations on PRIMA locomotives in 2023 at the earliest. It is, therefore, necessary to set up an effective industrial production in the partner’s workshops.

We provided Akiem with our expertise and knowledge of workshop layout, and made sure they had the support needed at every stage of the process. The aim was to define all the production resources required for this modernisation project, and to ensure that the customer met their production rate targets. Keeping efficiency in the workshops and delivering productive solutions.

Customer benefit

PROSE has a long experience in assisting realisation and implementation of industrial layouts in the context of mid-life overhaul of rail vehicles. We can ensure the optimised flow of vehicles by developing the workload plan per workstation and the balancing of the workstations. The supply chain aspect and the management of logistics flows are integrated into the overall study. Making sure our customers get the best solution possible.

 

   

Assistance to the project owner for the renewal of contracts for the regional interurban public transport network

Customer: Région SUD , France

Project tasks

  • Project management
  • Provision of techno-commercial advice

Our Approach

Background: In the context of the evolution of the future scope of scheduled services, and considering the adoption of the Law of 24 December 2019, “Orientations des Mobilités”, the Transport Organizing Authority (AOT), the Southern Region defines its service offering.
The Region needed to strengthen these capacities in the face of the procedures for renewing contracts for the regional interurban public transport network in the Alpes de Haute-Provence region and the reorganisation of the Regional Express Lines in the areas concerned.

Approach: PROSE joined forces as a consortium to respond to this call for tenders. The consortium, led by the company Trans-missions, is made up of PROSE for its expertise in rolling stock, but also Tractebel for the infrastructure part.

Customer benefit

PROSE is supporting the South Region in the preparation, development and negotiation of a new operating agreement with SNCF Voyageurs. Our profound expertise in rolling stock empowers us to provide valuable advice for enhancing the terms of the operational monitoring contract. We focus on critical aspects such as reliability clauses, availability assurances, and proactive obsolescence monitoring. In the field of maintenance, PROSE’s expertise is made available for an accurate assessment of the advertised costs.

In the pursuit of the opening of regional passenger rail lines to competition, PROSE provides technical assistance on the new calls for tenders to come., Our technical expertise is poised to address critical areas, including:

  • ERTMS installation
  • Rolling stock maintenance
  • Sustainable development
  • Technical sizing of maintenance and siding sites, etc.

 

   

© PROSE. All rights reserved