On the right track: Comprehensive cyber security solutions for railway technology

The potential for attacks is increasing and regulatory pressure in the railway industry is growing. We support our customers in meeting existing and upcoming legislative and regulatory requirements such as the EU Cyber Resilience Act (CRA) and the EU Network and Information Security Directive (NIS 2).

Infographic shows which growing attack surfaces connected systems offer
Cyber security: Connected systems offer growing attack surfaces

Connected systems offer growing attack surfaces

Increasing connectivity, digitalization and standardization mean that rail transport is increasingly vulnerable to attacks. A holistic security strategy is crucial to identify and secure points of attack such as interfaces (e.g. radio or network connections) and human error.

The regulators have also recognized this. Operators of rail systems are now facing new requirements resulting from the EU NIS 2 regulation and the “Sektorleitlinie” of the German Federal Railway Authority (EBA), for example. In future, manufacturers, suppliers and importers of products with digital components, in particular system houses and component manufacturers of rail applications, will also have to comply with the Cyber Resilience Act (CRA). The CRA sets out clear requirements, including a secure engineering process, comprehensible instructions, machine-readable Software Bill of Materials (SBOMs), vulnerability management over the entire life cycle and risk analyses. Standards such as CLC/TS 50701 and the IEC 62443 series provide practical guidance for implementation. 

Early preparation is crucial for comprehensive cyber security, as NIS 2 will be transposed into national law as early as October 2024 and the CRA is expected to be adopted in 2024 before becoming mandatory in 2027. Non-compliance can lead to severe penalties and even product recalls.

Infographic on EU Cyber Resilience Act and NIS 2 showing who's affected and which penalties apply.


Ensuring effective cyber security requires both cyber security mechanisms in the product and organizational measures at company level. Our team offers comprehensive support from strategy and process consulting to engineering in specific projects. As a cyber security development partner, we support our customers effectively throughout the entire development process with our in-depth knowledge and ensure the holistic integration of cyber security into their products and processes.

Cyber security symbol on rail tracks

Strategy for the standard-compliant implementation of cyber security processes

Passing train with cyber security symbols

Tailored development for standard-compliant products

ITK colleagues are having a conversation. An overview of the ITK railway technology portfolio can be seen in the background.

Training for your employees and even more security

Business portrait of Dr. David Seider, Lead Engineer Rail at ITK Engineering

As rail applications are largely individual, it is crucial to ensure cyber security in a targeted and pragmatic manner. My recommendation is therefore to carry out a compact two-part inventory in the form of a gap analysis and a risk analysis. All further steps can be derived and prioritized from this.

Dr. David Seider, Lead Engineer Rail

Our project highlights

Cyber security consulting for a rail operator

Standard-compliant software development for manufacturers

Cyber security threat and risk analysis for manufacturers

Cyber security engineering for manufacturers

Key Take Aways

Icon cyber security lock

Customized cyber security: individual and hands-on

Icon handshake

Reliable partner:
from strategy to engineering

Icon success

Extensive experience: over 100 successful cyber security projects