Independent cyber security assessment
Understand your cyber security risks and digital resilience, and ensure you meet industry, legal and regulatory standards with an independent cyber security assessment.
Assess your cyber security risks and evaluate your digital resilience
The rail industry is becoming increasingly digital. This leads to more exposure to vulnerabilities and cyber security breaches.
Current trends in the rail sector suggests cyber-attacks on railways are doubling annually. These attacks are not only targeting core IT systems, but operational systems and connected rail hardware that results in substantial financial, service, and reputational losses as well as significant safety risks.
Do not wait until you detect a compromise or need to respond to a cyber incident. Railway Operators, maintainers and suppliers must demonstrate its resilience to emerging threats through independent cyber security assessments and cyber security monitoring.
An independent security assessment (cyber) evaluates the robustness of your mitigations relating to your IT systems and infrastructure. It encompasses an organisation's processes, governance and physical assets, as well as its interactions with customers, staff and external entities.
Ricardo’s team of rail cyber security experts will perform a in-depth assessment of your risks against industry and global standards including IEC 62443 (the global standard for the security of Industrial Control System networks) and TS50701.
Our assessment, tailored specifically to your organisation, considers not only the general characteristics of the rail industry but also the unique aspects of your rai systems, including open and accessible environments.
Your organisation will gain a clear understanding of which risks are currently mitigated. The assessment will identify risks and non-conformities, including those posed by non-malicious actors. Our experts will provide proportionate guidance along with appropriate protective measures to address the risks identified.
Protecting rail users and supply chain
Cyber incidents expose rail users and the rail supply chain to significant risks, including, in the worst-case scenario, loss of life. Demonstrate your commitment to safety and the protection of your supply chain by proactively assessing and addressing current and emerging threats to ensure resilience.
Data loss and business interruption
Secure your personal, business, and financial data while protecting against operational and financial losses. Safeguard your organisation from temporary shutdowns due to system corruption by proactively assessing potential risks, reducing the likelihood of disruption and sensitive data breaches.
Protect your reputation
A cyber incident could have significant safety, financial, legal and reputational implications for your organisation. By investing in an independent cyber security assessment, you are reducing your exposure to cyber incidents and protecting reputational risks.
Compliance with local / international standards and legislation
When supplying systems to operators, you’re committing to the highest possible safety and security standards. Provide independent assurance to your government / operator end-client through the provision of independent security assessments, to demonstrate compliance the expected standards.
Safety runs deep in Ricardo’s DNA
This safety expertise coupled with Ricardo’s cyber security specialism – Ricardo’s experts are unique in having cyber security expertise with extensive experience and capability across the rail industry.
Collaborative independence
Ricardo offers independent security assessment (Cyber) as well as engineering cyber security systems engineering services to enhance the robustness of systems leading up to certification.
An industry voice
Ricardo’s experts contribute to industry committees and working groups, you gain access to the latest techniques and best practice.
The scope of independent cyber security assessment reaches far beyond that of IT systems, deep into railway infrastructure:
Signalling systems
Cyber Security attacks on the most safety critical railway systems create immediate safety risks to passengers and railway workers, the most significant of which could result in collisions or derailments
Rolling stock
The increased scope of train-board TCMS creates vehicle-based vulnerabilities that hinder smooth vehicle operations, creating delays and service interruptions.
Stations
Station focussed attacks typically target communication systems, evaluation controls, escalators and lighting which pose an immediate public safety risk.
Operational control centres
Hackers that seek to create significant impact to passenger safety, attack operational control centres to interrupt data flows and remote communications between stations, drivers and passengers.
Markets
This service is offered within the following sectors.
Projects
Aventra Vehicle Digital Risk Assessment
Read case studyMetrolinx safety assessment
Read case studyQueensland Rail ETCS Safety Assessment
Read case studyIndependent cyber security assessment Resources