Ricardo and Roke assess rolling stock digital resilience with Bombardier
International rolling stock manufacturer Bombardier Transportation has appointed the Ricardo-Roke team to implement a new approach for managing digital risk in connected transport systems – focusing on its AVENTRA platform
Ricardo plc, in partnership with Roke Manor Research Ltd, a leading UK innovator in cyber security, autonomy and communications, is working with Bombardier’s in-house teams to produce a full appraisal of the AVENTRA vehicle’s digital security risk profile, starting from the perspective of the priorities of Bombardier customers.
The AVENTRA is an electrical multiple unit train that was introduced to the UK network in 2017. It will become increasingly familiar to the country’s commuters over the next two years as it is added to fleets serving the south west, eastern and the west midlands regions.
To provide confidence that the vehicle can provide the highest standards of security against current and emerging threats, Bombardier asked the Ricardo-Roke team to undertake an in-depth assessment of the AVENTRA’s exposure to a range of possible threats – from espionage to remote hacking – and evaluate the potential impact on its operation.
Doug Blanc, Ricardo Rail head of digital railway explains: “Unlike traditional enterprise security assessments, the Ricardo–Roke approach focuses squarely around the unique characteristics and priorities of day-to-day rail operations, such as the importance of maintaining a safe and open environment for passengers whilst ensuring minimum disruption to the network.”
The assessment blends Roke’s cyber expertise honed from many years’ of supporting critical national infrastructure and government organisations, with Ricardo’s domain knowledge of rail operations, rolling stock design, systems engineering and passenger interactions.
Dr Andrew Rogoyski, innovation director for Roke: “Transport systems are set to be the next big challenge in cyber security. Connecting trains, vehicles and ships via the internet has the potential to post significant ‘life and death’ safety implications. This work is therefore a landmark development, as a major train manufacturer seeks to integrate cyber security assessments into their design and testing processes, keeping passengers safe, while delivering next generation train systems.”
To deliver the findings, the team will benchmark against current industry standards and national legislation. This includes the Network and Information Systems Directive (NIS Regulations), as well as well-defined practices from sources such as National Institute of Standards and Technology, Certified Information Systems Security Professional, and previous vulnerability and risk reviews conducted by Roke for the UK Ministry of Defence.
Once the investigations are concluded, the team will provide Bombardier with a detailed risk-based assessment of the AVENTRA platform, accompanied by recommendations that identify vulnerabilities and mitigates risk in an appropriate way, incorporated into Bombardier’s existing risk management practices. This assessment will provide Bombardier customers with a significant evidence base with which to demonstrate compliance to the NIS cyber assessment framework.
For more information on the digital resilience partnership between Ricardo and Roke, visit: https://digitalresilience.info/