Independent Security Assessment (Cyber)
Understand your cyber security risks and resilience capabilities, and ensure you meet industry, legal and regulatory standards.
Assess your digital resilience
The rail industry is becoming increasingly digital. This leads to more exposure to vulnerabilities and cyber security breaches.
Current trends in the rail sector suggest cyber-attacks on railways are doubling annually. These attacks target not only core IT systems but also operational systems and connected rail hardware, and can result in substantial financial, operational and reputational losses as well as significant safety risks.
Railway operators, maintainers and suppliers should demonstrate their resilience to emerging threats through independent cyber security assessments and cyber security monitoring.
An Independent Security Assessment (Cyber) from Ricardo will evaluate the robustness of your mitigations relating to your IT systems and infrastructure, and help you to better understand your risk profile. The scope of the assessment extends across processes, governance and physical assets, as well as your organisation's interactions with customers, staff and external entities.
Projects
Rail cyber security training and consultancy
Cyber security uplift project for rail organisation
Cyber risk assessment for new Hong Kong signalling system
Reduce your risk with Ricardo's Independent Security Assessment (Cyber)
Ricardo’s team of rail cyber security experts will perform an in-depth assessment of your risks against industry and global standards including IEC 62443 (the global standard for the security of Industrial Control System networks) and TS50701.
Our assessment, tailored specifically to your organisation, considers not only the general characteristics of the rail industry but also the unique aspects of your rail systems, including open and accessible environments.
Your organisation will gain a clear understanding of which risks are currently mitigated. The assessment will identify risks and non-conformities, including those posed by non-malicious actors. Our experts will provide proportionate guidance along with appropriate protective measures to address the risks identified.
Choosing Ricardo as your partner
Safety runs deep in Ricardo’s DNA
This safety expertise is coupled with Ricardo’s cyber security specialism: Ricardo’s experts are unique in having cyber security expertise with extensive experience and capability across the rail industry.
Collaborative independence
Ricardo offers Independent Security Assessment (Cyber) as well as cyber security systems engineering services to enhance the robustness of systems leading up to certification.
An industry voice
Ricardo’s experts contribute to industry committees and working groups, so you gain access to the latest techniques and best practice.
The scope of assessment reaches beyond IT systems and deep into railway infrastructure:
Signalling systems
Cyber security attacks on the most safety-critical railway systems create immediate safety risks to passengers and railway workers, the most significant of which could result in collisions or derailments.
Rolling stock
The increased scope of train-board TCMS creates vehicle-based vulnerabilities that hinder smooth vehicle operations, creating delays and service interruptions.
Stations
Station-focussed attacks typically target communication systems, evaluation controls, escalators and lighting, which pose an immediate public safety risk.
Operational control centres
Hackers who seek to create a significant impact on passenger safety attack operational control centres to interrupt data flows and remote communications between stations, drivers and passengers.
Why undertake a cyber security assessment?
Protecting rail users and supply chain
Cyber incidents expose rail users and the rail supply chain to significant risks, including, in the worst-case scenario, loss of life. Demonstrate your commitment to safety and the protection of your supply chain by proactively assessing and addressing current and emerging threats to ensure resilience.
Data loss and business interruption
Secure your personal, business, and financial data while protecting against operational and financial losses. Safeguard your organisation from temporary shutdowns due to system corruption by proactively assessing potential risks, reducing the likelihood of disruption and sensitive data breaches.
Protect your reputation
A cyber incident could have significant safety, financial, legal and reputational implications for your organisation. By investing in an independent cyber security assessment, you are reducing your exposure to cyber incidents and protecting against reputational risks.
Compliance with local / international standards and legislation
When supplying systems to operators, you’re committing to the highest possible safety and security standards. Provide independent assurance to your government / operator end-client through the provision of independent security assessments, to demonstrate compliance with the expected standards.
Why choose Ricardo Certification
Efficiency and collaboration
We use bespoke tools and processes that reduce administration, minimise delays and prevent cost overruns.
International network
We will bring best practice and techniques honed from performing assessments throughout the world.
Rail domain specialists
Rail systems experts will be responsible for preparing all outputs and will provide constructive feedback throughout the process.
An industry voice
Many of our assessors are contributors to the Working Groups and industry forums that define technical standards and assessment criteria.
Independent Security Assessment (Cyber) Resources
Ricardo to prepare feasibility study for net zero rail commuter services in Adelaide, South Australia
Ricardo partners with railway AI technology specialists, Cordel Group
Ricardo forms Strategic Alliance with MxV Rail
Opportunities and challenges in sharing digital twins
Meet the experts
Tony Gao
Global Independent Security Assessment (Cyber) Lead