…Concepts and Levels of Security
IT security in public transport must be understood as a holistic and overarching task. For example, the industry standard IEC 62443 describes the consideration of cyber security concepts from different points of view: General, Policies and Procedures, System, Components. In addition, different areas require different levels of protection. Protection concepts and measures are then geared to the respective security level: An IP camera in a vehicle must be protected differently than the data of a payment system.
Cyber Security Challenges in Public Transport
Like many companies, most fleet operators and transport operators need to focus their resources on their core business. They have little expertise regarding cyber security and often no knowledge of IT standards. However, they need to ensure a network that has an adequate level of protection. In practice, implementing and ensuring protection measures is a challenge for many public transport operators.
>> Read also: Cyber Security in Public Transport Networks: How to protect systems in buses and trains from hacker attacks
The selection and implementation of methods and measures to protect a system depends on the application and its protection needs. The steps below provide an overview of practical measures to improve cyber security in public transit vehicles:
- Perform risk assessment: Identify and assess risks in terms of vulnerabilities, threats, attack scenarios and potential impact.
- Implement basic security measures: Access control, network segmentation, disabling unused interfaces, deploying firewalls, changing passwords.
- Secure communication and data: Use VPN and appropriate protocols to encrypt communication and data.
- Implement physical security measures: Block physical access to all components for unauthorized persons; monitor/control physical access.
- Define an action plan in advance: Define immediate actions, countermeasures, roles and responsibilities, ensure competency.
- Keep the system up to date at all times: Install software updates to address known vulnerabilities and security gaps.
- Train employees: on potential threats, protective measures, and preventive measures.
- Monitor: Monitor IT system regularly to identify deviations or security incidents; implement methods and tools to accomplish monitoring.
>> Read also: The Ethernet Switch & Cybersecurity
Subscribe to our monthly newsletter and stay tuned
Thanks for subscribing! We will be happy to keep you up to date, but first you need to confirm your email!
More Stories Like This:
The Right Decision: How Do You Know It’s Time to Switch to IP Communication in Public Transport?
Replacing analog technology in buses and trains with IP networks? This is a question that is currently occupying the minds of many public transport operators. We explain when is the best time to make the switch and what requirements must be met on...
Two Ways to Refit Vehicles in Public Transport
With increasing data volume and requirements for real-time data in public transport vehicles, IP-based communication has become a basic requirement for modern IT system architecture in vehicles. We use two examples to show how transport operators...
Automate Tasks in the IP Network with ROQSTAR OpenAPI
ROQSTAR OpenAPI can be used to automate tasks. In this article, we look at a real-world example of how the work of transport operators is made easier with the help of OpenAPI supported by ROQSTAR Ethernet Switches. ContentA Typical...
Our products are fundamental for the digitalization in public transport. ROQSTAR M12 Ethernet Switches provide the network infrastructure for e-ticketing, passenger counting systems (PCS), dynamic passenger information (DPI) and closed-circuit television (CCTV).