The railway sector is in a moment of profound innovation: faster, more punctual and, especially, safer services are increasingly being demanded. New business models are sought, improving the user experience, making their operating systems more efficient, etc. and, for all this, support in new technologies is absolutely necessary and, therefore, cybersecurity as well.
All the agents that are part of the value chain in railway projects (operators, train manufacturers, manufacturers of signaling technologies, ticketing, passenger information, certifying entities, etc…) are immersed in a total digitization process applying new technologies such as artificial intelligence or the internet of things, among others. These technologies undoubtedly present great benefits: greater efficiency when operating, greater sustainability, better user experience, more safety in tunnels or level crossings or in driving itself, etc. but we must not forget that the connectivity that it implies (to the cloud, to other infrastructures, to IoT devices…) generates new risks and threats that we cannot ignore.
Vulnerabilities in information systems can cause a huge impact on the operation and security of railway services and, even more so, if we talk about key systems such as electricity or signaling.
For all these reasons, work and innovation in the field of safety in the railway sector is essential and the increasing dependence on technology and information systems makes operational safety centered on infrastructure and operation and cybersecurity, must be addressed in a comprehensive manner.
In this sense, IEC 62443 already presents a holistic vision of the security of industrial control systems; however, we must say that the integrated approach to security and cybersecurity is not yet sufficiently mature.
That is why, during QA&TEST Safety and Security, we will try to identify the challenges that this necessary integration still presents and we will explore the different solutions and ways to address them that will allow us to guarantee safety and mitigate the risks associated with technological innovation that experience the sector.