onway Logoonway.ch

onway services

Security consulting

Cyber security is becoming increasingly important. Protect your infrastructure!

Contact

Security consulting

Challenges

Increasing cyberattacks on public transport are damaging the integrity and security of the entire transport infrastructure. Data theft, ransomware attacks and the manipulation of IT systems in vehicles are lurking dangers. Exposures in connected vehicles and digital interfaces to external services are particularly vulnerable. Missing software updates also pose a risk.

Stricter legal requirements

Another challenge is the increasing tightening of legal regulations. Tenders for the procurement of ITC systems require more and more compliance with security standards. Both processes, i.e. software updates, and technologies such as firewalls are required to comply with international standards (ISO27001, EN62443, TS50174, etc.).

Transport companies are particularly vulnerable

Why are transport companies in particular vulnerable to cyber attacks? Like defence or energy supply, for example, public transport is part of the so-called critical or system-relevant infrastructure and therefore requires special protection from hackers. The integration of digital technologies and the many outdated IT systems of transport companies make the sector vulnerable to digital crime. Dependencies on existing hardware and suppliers make modernisation efforts difficult and employees are busy with operations, leaving little time for new projects.

It is particularly important to identify weak points in the infrastructure at an early stage and rectify them quickly.
Ivan Bütler
Ivan BütlerBoard Member, Compass Security AG

5 steps to a secure infrastructure

The following five steps will help you to ensure a secure infrastructure:

1. Evaluate

The first step is to acquire the necessary knowledge to set up a secure infrastructure. If this does not exist within the company, seek external advice. Create an inventory of the existing systems, networks, interfaces and protocols. Which applications are especially worth protecting? Then identify the risks and possible technical, human and physical points of attack. Make sure you know your legal responsibilities. Finally, use all these key points to create a collection of risks to be managed.

2. Design

3. Apply

4. Control

5. Respond

We support you – for more security in your infrastructure.