A special focus on IT security
The digital railway system of the future naturally presents many attack surfaces for possible hostile interventions. This is due to the complexity of the system architecture, the desired high degree of automation and the multitude of newly introduced technologies such as artificial intelligence (AI) and sensor technology. Due to the critical nature of the railway system for the economy and society, any attacks, even if they don’t lead to personal injury, can cause considerable financial damage beyond the railway sector.
For this reason, the topic of IT security receives special attention in Digitale Schiene Deutschland and specifically in the development of the digital rail system. Here, Digital Rail for Germany is following a multi-pronged approach:
- During the early testing and piloting of subsystems of the digital railway system, a full risk and threat analysis is carried out and corresponding measures are derived as if the technologies were already in operation – even if this is carried out parallel to the actual operational railway operation and therefore a large part of the possible risks and threats could be excluded in this phase. This makes it possible to gain insights into the required IT security architecture at an early stage.
- An IT security architecture is developed during the development of the system architecture of the digital railway system – even if this must then also be iteratively adapted. This ensures that IT security is considered in the design of the digital railway system from the ground up.
- Digital Rail for Germany follows a ‘DevSecOps’ approach to developing and implementing functions of the digital railway system. Here, the right specifications and tools inherently ensure that IT security is taken into account during software development.