Cyber Vulnerability Assessment- Rail

Cybersecurity Vulnerability Assessment for Rail

Our cybersecurity vulnerability assessment for rail is an interactive and dynamic process designed to address cyber risks in Operational Technology (OT) hardware, software, and networks. OT consists of critical embedded subsystems on rolling stock, such as engine control, PTC, electrical, hydraulic, communications, and other essential components.

Cyber Vulnerability Assessment Outcomes

According to the recent security directives from the TSA, rail owners and operators are required to complete a comprehensive cybersecurity vulnerability assessment by March 31st, 2022 (unless otherwise directed). Shift5 is here to help freight and passenger rail companies comply with these regulations by conducting a Shift5 Cyber Survivability Risk Assessment specially crafted to meet the Cybersecurity Vulnerability Assessment requirements in the TSA directive.

Address gaps and cyber risks in OT platforms

Whether it’s a locomotive, airplane, or military weapon system; every access vector is also an attack vector. Determine gaps and cyber risks per access vector according to operational impact.

Identify remediation measures to vulnerabilities

Through this comprehensive assessment, we deliver a premium cyber survivability analysis of all risks, potential operational effects in terms of risk, and detailed actionable findings to remediate vulnerabilities.

Set framework for cyber incident response plan

Our team guides rail owners and operators through the development of building a cybersecurity incident response plan. This includes conducting exercises to test plan effectiveness and cybersecurity hygiene.

Benefits of Cyber Vulnerability Assessment:

  • Meet TSA cyber regulations in regards to vulnerability assessment of rolling stock
  • Measure organizational risk from OT cyber attacks
  • Mitigate risk from discovered & public vulnerabilities
  • Empower CISO’s to enhance cybersecurity practices of onboard embedded systems 
  • Utilize results to build proper incident response plan 
  • Leverage an intrusion simulation as internal training event & test response plan efficacy

Schedule a Call

Please fill out this form and we will reach out to you shortly to schedule a call to answer your questions and discuss assessment needs for a custom quote.

Why work with Shift5?

Shift5 leverages extensive industry experience, government and intelligence community backgrounds, veterans, contracting know-how, and cross-functional skill sets. We’ve worked with government customers on custom solutions and we’re staffed with personnel who pioneered platform mission assurance in response to NDAA 1647.

Learn more about cyber vulnerabilities in rail

Shift5 | Episode 9: Red Teaming

Episode 9 of Planes, Trains, & Tanks! Episode 9: Cybersecurity red teaming is a multi-layered attack simulation designed to assess an organization’s security controls. The idea is …
Read More

Can a Train Be Hacked?

Can a Train Be Hacked? Short answer: Yes. Heavy transportation equipment has grown increasingly insecure and vulnerable to cyber attacks. This equipment is reliant upon onboard embedded …
Read More