Transportation Security

Our society is heavily dependant on mobility. We have developed various means of transport, that nowadays increasingly utilize networked devices that solve tasks collaboratively or distributively. Sensors and actuators are deployed in the infrastructure to support monitoring, operation and maintenance, what makes them part of the Internet of Things. Car-to-car communication tries to optimize traffic flow. Environment sensors determine the condition of bridges to support a better maintenance strategy. Transportation is a critical infrastructure that requires measures against a variety of failures and threats in order to maintain an adequate level of supply. Defending critical infrastructures against cyber-attacks is the responsibility of information security. The Security Engineering Group is involved in several projects that improve the security of transportation infrastructures.


AG CYSIS (Cybersecurity for safety-related critical infrastructures)

CYSIS LogoThe CYSIS workgroup was established by Deutsche Bahn AG and TU Darmstadt within the framework of the Innovation Alliance and the existing DB RailLab on 25 January 2016. The purpose of the workgroup is to make effective challenges to the cybersecurity of safety-critical infrastructure intensified by digitisation in the railway industry possible. 

The Cybersecurity workgroup forms a basis for an intensive exchange of information between industry and academia in the railway sector, in order to benefit from each other's knowledge. Effective defence mechanisms and countermeasures can be researched and developed further with the assistance of partners from academia, including CYSEC, the Department of Cybersecurity at TU Darmstadt. The desired outcome is the networking of the railway industry with academic research on cybersecurity.

The workgroup is meeting regularly in the following subgroups:

  • Resilient Architectures: The group defined the term Resilient Architectures for railway signalling. A whitepaper (see Publications) has been published. It presents requirements for signalling systems in order to be prepared against cyberattacks.
  • Business Continuity Management: The operators of signalling systems need to be prepared for dealing with attacks. Concepts are developed to maintain a minimum of train operation even under attack.
  • Security for Safety: Train operation needs to be security aware. To build security in future interlocking systems, design decisions have to be made now. The decisions cover the system architecture, the lifecycle, the operation and the homologation process with the National Safety Authority.
  • ETCS and Security: Security aspects of the European Train Control System (ETCS) are investigated. It is currently the only signalling system in Germany that utilizes wireless information transmission. But with that it introduces a new attack surface.


Enhancing Critical Infrastructure Protection with innovative SECurity framework (CIPSEC)

CIPSEC Logo In recent years, the majority of the world's Critical Infrastructures CIs evolved to become more flexible, cost efficient and able to offer better services and conditions for business opportunities. Towards this evolution, CIs and companies offering CI services had to adopt many of the recent advances of the Information and Communication Technologies (ICT) field. This adaptation however, was rather hasty and without thorough evaluation of its impact on security. The result was to leave CIs vulnerable to a whole new set of threats and attacks that impose high levels of risk to the public safety, economy and welfare of the population. In so far, the main approach to protect CIs is to handle them as comprehensive entities and offer them a complete solution for their overall infrastructures and systems (IT&OT departments). However, complete CI protection solutions exist in the form of individual products from individual companies. These products integrate only in tools/solutions designed by the same company, thus offering limited technical solutions. The main aim of CIPSEC is to create a unified security framework that orchestrates state-of-the-art heterogeneous security products to offer high levels of protection in IT (information technology) and OT (operational technology) departments of CIs. As part of this framework CIPSEC will offer a complete security ecosystem of additional services that can support the proposed technical solutions to work reliably and at professional quality. These services include vulnerability tests and recommendations, key personnel training courses, public-private partnerships (PPPs) forensics analysis, standardization and protection against cascading effects. All solutions and services will be validated in three pilots performed in three different CI environments (transportation, health, environment). CIPSEC will also develop a marketing strategy for optimal positioning of its solutions in the CI security market.

Funded by: European Comission (H2020)

Hardware-based Security Platform for Railway Command and Control Systems (Haselnuss)

Information Technology (IT) is increasingly utilized in railway systems to introduce new functions and improve process efficiency. Due to the digitalization of the railway infrastructure and the replacement of proprietary networking infrastructures with IP-based infrastructures the risks of cyberattacks increases and new IT security requirements appear. As the railway system is a critical infrastructure, that is strongly regulated by the German IT security act (IT-Sicherheitsgesetz), appropriate security solutions need to be developed. The aim of HASELNUSS is the development of a customized, hardware-based security platform for the railway command and control system that provides the required security functions without jeopardizing safety. The platform features provisions to ensure the system integrity and constitutes the foundation for secure infrastructure networking. It includes secure patch and update management, health monitoring, anomaly and attack detection as well as countermeasures against side-channel attacks. The developed security platform will be implemented in demonstrators during the project.


  • German Prestandard DIN VDE V 0831-104: Electric signalling systems for railways - IT Security Guideline based on IEC 62443
  • CYSIS Whitepaper "Resiliente Architekturen in der Eisenbahn-Signaltechnik" DE EN  
  • Christian Schlehuber, Erik Tews, Stefan Katzenbeisser
    IT-Security in Railway Signalling Systems
    Securing Electronic Business Processes - Information Security Solutions Europe (ISSE), Brussels, Belgium, October 2014
  • Erik Tews, Christian Schlehuber
    Quantitative Ansätze zur IT-Risikoanalyse
    Tagungsband der GI-Sicherheit 2014, Fachtagung vom 19.-21. März 2014 an der Technischen Universität Wien


  • Sicherheitskonzepte im Bahnbetrieb I (WS)
  • Sicherheitskonzepte im Bahnbetrieb II (SS)
  • Ringvorlesung Sichere kritische Infrastrukturen (WS)

zum Seitenanfangzum Seitenanfang

A A A | Drucken Print | Impressum Impressum | Kontakt Contact | Last edited: 14 days ago