Challenge : Cybersecurity, a reputational risk
Cybersecurity has become a crucial element both from a competitive landscape and brand reputation standpoint, especially in the critical sector of transport. Amid rising cybersecurity threats, our client, a global railway company, seeks to protect the critical rail transport systems delivered to final users, in the various locations worldwide where it operates.
The cyber resilience of a large array of railway products needs to be increased: from high-speed trains to metros, monorails and trams, integrated systems, customised services, infrastructure, signalling (ETCS, CBTC etc.) and digital mobility solutions.
Solution : First class rail knowledge
Thanks to its vast expertise in railway products and systems and long collaboration with this client, with whom we have been designing rail products for years, Expleo has extensive know-how in trains, control and signalling systems.
We are providing a range of cybersecurity consultancy services: from risk assessment of rolling stock and train design in accordance with IEC 62443 and OEM processes; security hardening of products and IT/OT infrastructures; compliance management and technical coordination; cybersecurity architecture & engineering (solution implementation); and testing of security functions and controls. In parallel, our Cybersecurity Academy can train rail engineers in new, digital risk.
Outcome : Increasing cyber security resilience
Expleo’s dedicated offering is unique thanks its global HR team and cybersecurity practice lead dedicated to recruit and train engineers specifically to satisfy the client’s need. Our Virtual Expertise Centre can focus on complex projects with diverse expertise areas in OT/IT cybersecurity.
In a short amount of time, we were able to ramp up the cybersecurity team, with a worldwide capability. Our cybersecurity engineers can work autonomously, thus reducing the client’s onboarding time.
Their work is decreasing the client’s overall risk of cyber vulnerabilities in its rail products and solutions. Furthermore, we are able to provide ongoing management of the compliance programs.
- Global cyber resilience capacity building: lowered risk of vulnerabilities and management of compliance programs
- Cybersecurity lifecycle assessment
- Continuous management of cybersecurity risks
- Work force upskilling
- Reduced onboarding time
- Commercial success