• Home
  • Projects
  • QTMP Cyber Security Consulting and Assessment
QTMP Cyber Security Assessment Train Image

QTMP Cyber Security Consulting and Assessment Project

Challenge

The Queensland Train Manufacturing Program (QTMP) will build 65 new six-car passenger trains at a purpose-built manufacturing facility at Torbanlea on the Fraser Coast in Australia. The programme will also see the construction of a new rail facility at Ormeau in the Gold Coast region.

The QTMP will support the population and economic growth of South East Queensland, as well as Cross River Rail and the Brisbane 2032 Olympic and Paralympic Games.

As part of the project, Hyundai Rotem is responsible for all aspects of EMU supply and the need to conform to  cyber security related standards and requirements such as IEC 62443 and CLC/TS 50701.

 

Approach

To meet the cyber security requirements of the QTMP project, Ricardo will establish a project-specific cyber security risk analysis and assessment process and support the execution of cyber security lifecycle phases in conjunction with the safety management programme.

Ricardo will also provide guidance on the various standards and specifications required to facilitate the execution of the cyber security work for Hyundai Rotem, which is new to cyber security projects. For the testing part (e.g. vulnerability assessment & penetration test), which requires independence in the delivery of cyber security consultancy services, Ricardo will leverage our partnership with NCC Group to support the client.

 

The work which Ricardo delivers for the QTMP Cyber Security Consulting & Assessment project includes the following activities:

System Definition Phase

  • Cybersecurity Management Plan Review 

 

Preliminary Design Phase

  • Guide and Review Initial Risk Assessment (IRA)
    • Establish an IRA strategy and method
    • Review and support IRA
    • Assist in responding to comments on existing IRA
    • Assist to produce Zone & Conduit models and SLT

 

Detailed Design Phase

  • Conduct Detailed Risk Assessment (DRA)
    • Elicit Cybersecurity Requirements
    • Further assessment and Update IRA
    • Assist to confirm SL-T and Zone & Conduit
    • Review an applied cybersecurity design
    • Maintain a traceability of cybersecurity requirements

 

Testing and Validation Phase

  • Perform a vulnerability assessment
  • Perform penetration testing
  • Conduct a cybersecurity verification and validation
  • Produce a  cybersecurity case.

 

Results

With the support of Ricardo's cybersecurity experts, the client, Hyundai Rotem, will deepen its understanding of cybersecurity standards and gain hands-on experience in applying and ensuring cybersecurity for railway vehicles. Developing a challenging cybersecurity application case for QTMP, for rolling stock within Australia's national railway project, will position Hyundai Rotem favorably for future opportunities to engage in a range of international projects.

Client

Hyundai Rotem

Start and end dates

03/2024 - 12/2026

Location

Queensland, Australia

Related case studies

View all case studies

Independent Verifier for OECD's Blue Dot Network

Read case study

Kingfisher Plc: A long-term sustainable products strategy to achieve net zero

Read case study

Climate Finance Accelerator Programme

Read case study