Security consulting
Cyber security is becoming increasingly important. Protect your infrastructure!
ContactSecurity consulting
Challenges
Increasing cyberattacks on public transport are damaging the integrity and security of the entire transport infrastructure. Data theft, ransomware attacks and the manipulation of IT systems in vehicles are lurking dangers. Exposures in connected vehicles and digital interfaces to external services are particularly vulnerable. Missing software updates also pose a risk.
Stricter legal requirements
Another challenge is the increasing tightening of legal regulations. Tenders for the procurement of ITC systems require more and more compliance with security standards. Both processes, i.e. software updates, and technologies such as firewalls are required to comply with international standards (ISO27001, EN62443, TS50174, etc.).
Transport companies are particularly vulnerable
Why are transport companies in particular vulnerable to cyber attacks? Like defence or energy supply, for example, public transport is part of the so-called critical or system-relevant infrastructure and therefore requires special protection from hackers. The integration of digital technologies and the many outdated IT systems of transport companies make the sector vulnerable to digital crime. Dependencies on existing hardware and suppliers make modernisation efforts difficult and employees are busy with operations, leaving little time for new projects.
5 steps to a secure infrastructure
The following five steps will help you to ensure a secure infrastructure:
1. Evaluate
The first step is to acquire the necessary knowledge to set up a secure infrastructure. If this does not exist within the company, seek external advice. Create an inventory of the existing systems, networks, interfaces and protocols. Which applications are especially worth protecting? Then identify the risks and possible technical, human and physical points of attack. Make sure you know your legal responsibilities. Finally, use all these key points to create a collection of risks to be managed.
2. Design
Define a security-oriented system and communication architecture. Divide your IT landscape into areas (so-called zones) to gain a better overview. This allows you to define your protection requirements. Determine access rights and responsibilities and create the technical design including firewalls, gateways and encryption. Check your concept for compliance with applicable standards (including BSI basic protection, EN62443, TSI 50174, ISO 27001 and others).
3. Apply
Implement the technical and organizational changes step by step: security is not a project, but a continuous journey. Implement the measures, migrate the infrastructure where necessary and introduce the new processes. Actively analyze all security incidents and have your logs evaluated by specialists (e.g. in a Security Operations Center SOC). Actively manage your risks.
4. Control
Check your infrastructure and processes regularly and use specialized companies for external audits, penetration tests and so on. This will enable you to identify deviations from standards at an early stage and carry out successful security monitoring. Certifications are also an important part of this.
5. Respond
The final step involves response planning. This comprises a series of instructions that help IT staff to recognize and respond to security incidents in a network. Recovery planning refers to the planning of a subsequent recovery plan that defines policies and procedures for responding to IT security breaches. Mitigation includes measures to repair software weaknesses. Internal and external communication are of central importance. Everything is done according to the motto: Learn and improve.
Our upcoming workshops on cyber security:
We support you – for more security in your infrastructure.
Beat Stettler
Managing DirectorDirk Güthlin
Account Manager Traffic SolutionsTim Bütler
Account Manager