QTMP Cyber Security Consulting and Assessment Project
Challenge
The Queensland Train Manufacturing Program (QTMP) will build 65 new six-car passenger trains at a purpose-built manufacturing facility at Torbanlea on the Fraser Coast in Australia. The programme will also see the construction of a new rail facility at Ormeau in the Gold Coast region.
The QTMP will support the population and economic growth of South East Queensland, as well as Cross River Rail and the Brisbane 2032 Olympic and Paralympic Games.
As part of the project, Hyundai Rotem is responsible for all aspects of EMU supply and the need to conform to cyber security related standards and requirements such as IEC 62443 and CLC/TS 50701.
Approach
To meet the cyber security requirements of the QTMP project, Ricardo will establish a project-specific cyber security risk analysis and assessment process and support the execution of cyber security lifecycle phases in conjunction with the safety management programme.
Ricardo will also provide guidance on the various standards and specifications required to facilitate the execution of the cyber security work for Hyundai Rotem, which is new to cyber security projects. For the testing part (e.g. vulnerability assessment & penetration test), which requires independence in the delivery of cyber security consultancy services, Ricardo will leverage our partnership with NCC Group to support the client.
The work which Ricardo delivers for the QTMP Cyber Security Consulting & Assessment project includes the following activities:
System Definition Phase
- Cybersecurity Management Plan Review
Preliminary Design Phase
- Guide and Review Initial Risk Assessment (IRA)
- Establish an IRA strategy and method
- Review and support IRA
- Assist in responding to comments on existing IRA
- Assist to produce Zone & Conduit models and SLT
Detailed Design Phase
- Conduct Detailed Risk Assessment (DRA)
- Elicit Cybersecurity Requirements
- Further assessment and Update IRA
- Assist to confirm SL-T and Zone & Conduit
- Review an applied cybersecurity design
- Maintain a traceability of cybersecurity requirements
Testing and Validation Phase
- Perform a vulnerability assessment
- Perform penetration testing
- Conduct a cybersecurity verification and validation
- Produce a cybersecurity case.
Results
With the support of Ricardo's cybersecurity experts, the client, Hyundai Rotem, will deepen its understanding of cybersecurity standards and gain hands-on experience in applying and ensuring cybersecurity for railway vehicles. Developing a challenging cybersecurity application case for QTMP, for rolling stock within Australia's national railway project, will position Hyundai Rotem favorably for future opportunities to engage in a range of international projects.