Cybersecurity for Rolling stock

Establishing an effective cybersecurity strategy is the essential starting point for any company within the railway supply chain, be it an operator, OEM, or product manufacturer. Within a fast-pivoting world, where new rules and standards are coming fast, be it NIS-2, Cyber Resilience Act, IEC 63452, TS 50701, IEC 62443 and others, it can be hard to keep track and know where to start.  We offer strategic support helping you to define a tailored Cybersecurity strategy.

To start the journey two key elements must be tackled first:

• Asset visibility – Establishing a clear understanding of all assets in place is essential before effective protection can begin.
• Risk analysis – Identifying vulnerabilities and prioritizing threats is essential to focus efforts where they matter most.

We offer the following services:

• Asset identification
• Risk management
• Workshops
• Cross-domain rail Cybersecurity
• Resilience and management
• Incident management
• Gap analysis of new and existing systems

Defining the right tailored cybersecurity requirements is key when procuring new rail assets such as trains. Simply referring to standards is often not enough to get what you need: Security measures that make sense for your operations, without being overengineered, too expensive or solving a problem which you might not have.

We help you define cybersecurity requirements that are practical, relevant, and tailored to your specific context. Our specialists collaborate with you to ensure your procurement process sets the right course from the very beginning

We offer the following services:

• Support with train procurement & tender requirements
• Definition and management of supply chain requirements & exported constraints

Cybersecurity must be an integral part of the development, both for trains and for the wider supply chain involved in building trains and rail infrastructure. New regulations, such as the Cyber Resilience Act, make this a legal binding requirement, directly affecting key engineering areas like software development and network engineering.

Our deep expertise in cybersecurity and safety, combined with a thorough understanding of the railway domain, enables us to deliver high-quality solutions tailored to your specific needs

We offer the following services:

• Validation of technical documentation
• Architecture analysis
• Data protection mechanisms concepts
• Zero trust concepts 
• Access control
• Network security
• Intrusion detection / prevention
• Safety & security case

Vehicle authorisation is becoming increasingly complex as requirements and regulations continue to evolve. Cybersecurity, still a relatively new discipline, now impacts all areas of the vehicle, including safety systems. Effectively managing both safety and cybersecurity is becoming essential to successfully navigating the vehicle authorisation process. At PROSE, we have long-standing experience with authorisation related to safety, along with a strong track record in cybersecurity development and risk assessment, especially where the two areas overlap. This combined knowledge allows us to support your vehicle authorisation process with confidence and clarity.

We offer the following services:

• Compliance & conformity assurance
• Guidance for NIS-2, CRA, TS 50701

One of the major vulnerabilities in railway assets lies in the maintenance process. This can include insecure maintenance methodologies like outdated and vulnerable service laptops, unsafe design and configured remote access or lack of thorough authentication and identification processes. We have seen these issues across the industry and understand how they can impact the security of your rail assets. We help you analyse your current situation and define targeted measures to ensure your rail asset’s security through the entire lifecycle

We offer the following services:

• Real-time threat monitoring
• Vulnerability management
• Secure maintenance
• Human factor & Social Engineering
• Penetration testing

Keeping rail assets up to date has never been more critical. With the sharp rise in evolving cyber threats and politically motivated cyberattacks, particularly across Europe, comprehensive knowledge of your systems, their vulnerabilities, and the appropriate mitigation strategies is essential. For legacy vehicles, substantial cybersecurity enhancements are most effectively implemented within the scope of a retrofit project. In the interim, alternative security measures may be more appropriate, depending on the operational context. Our experts support you with precision, whether through penetration testing, vulnerability assessments, or by defining tailored cybersecurity requirements for your upcoming retrofit initiative.

We offer the following services: