Toulouse Metro Line 3 - Independent Security Assessment

Challenge

Nanjing Kangni is a China-based manufacturer specialising in door systems for the rail sector. It is a sub-supplier to the international rail Original Equipment Manufacturer (OEM), Alstom, for the platform screen doors (PSD) planned for Toulouse Metro Line 3.

Line 3 is currently under construction across the city, featuring 20 stations along a 27km east-west route, and is expected to open in 2029.

Alstom has set out high expectations on cyber security across its supply chain, including requirements for formal independent security assessment (ISecA) for security level SAL-2 against IEC 62443, a standard for protecting industrial control systems and operational technology networks. The OEM has also stipulated additional requirements for cyber security management against ISO 27000 (information security management systems).

Ricardo was appointed in September 2021 to perform the assessment as well as associated system engineering support.

Approach

Ricardo assigned two dedicated teams to deliver the system engineering support and ISecA in parallel. The team commenced with a gap analysis of the organisation's current processes and security measures against both contractual and Alstom requirements, before performing the independent assessment against IEC 62443 for the manufacturer's PSD and train door products to determine whether the systems met SAL 2.

A compliance report was regularly produced to keep the end-client, Alstom, informed of progress and of any identified improvements. These reports continued through to the point where sufficient evidence had been documented to confirm that Nanjing Kangni could proceed with the safe integration of its door systems into the route.

Results

Following the assessment, Kangni opted to mirror the process it had undergone for PSD for its range of train door systems. As a result, Kangni now has an established cyber security management system, compliant ISO 27000 and IEC 62443, that is applicable to both its PSD and train door products.

Meanwhile, Ricardo’s assessments provided confidence to Alstom that Kangni’s system complies with the required standards of security against current and emerging threats.

Client

Nanjing Kangni

Key Services

Independent Security Assessment
Systems Integration

Start and end dates

09/2021 - 12/2028

Location

Toulouse, France

Independent Security Assessment (Cyber)

Learn more

Contact our experts

Name *

Job Title *

Company *

Phone

Email *

Consent for storing submitted data *

I give permission to store and process my data

Consent for marketing

Yes, I'd like to keep up to date on Ricardo services and events. Your information will be stored on secure systems and not shared with third parties. Unsubscribe at any time.

Are you a robot? *

Related case studies

View all case studies

Rail cyber security training and consultancy

Read project

Cyber risk assessment for new Hong Kong signalling system

Read project

QTMP Cyber Security Consulting and Assessment Project

Read project