REAVRS

Due to a high level of technology as well as the increasing use of connected digital technologies, among other factors, the rail system has been observed to be susceptible to various types of attacks.

The overall system (consisting of people and technology) has been predominantly developed without special consideration of security requirements capable of opposing these attacks. A main reason for this can be found in the lack of a systematic identification and evaluation of attack potentials originating in the special characteristics of the rail system. Hence, there is little knowledge of possible points of attack within the existing system. Until the introduction of a comprehensive, long-term "railroad" safety concept, these weak spots should first be identified as extensively as possible. Building on this first step, a careful examination of underlying causes will be conducted, followed by an assessment of associated risks.

While a large number of attack potentials for railway subsystems have been already sufficiently investigated, there is still a lack of results for the overall system. Therefore, the aim of the project is the holistic identification of current vulnerabilities of the rail system to attacks on different levels. In particular, weaknesses in relation to cybersecurity, organization, voice and data communication and physical interventions are to be determined. The next step consists of an examination of the causes for the identified weak spots in order to carry out a well-founded assessment and prioritization of the underlying risks. Based on these insights, recommendations for security measures, counter-strategies for incident management as well as preventive measures will be developed, setting the foundation to implement them in the short and medium-term.