Modern transport systems, including planes, trains and cars, increasingly depend on digital network access. The Network and Information Systems Directive (NISD) regulations require operators to secure critical infrastructure, including transport systems, against cyber security attack. As a prominent manufacturer of trains, Bombardier needed to ensure its new platforms met the NISD obligations.
Working closely with the Bombardier team we conducted a tailored threat analysis and risk assessment of the Aventra training platform. We worked with Bombardier and their existing risk management process to prioritise the most important risks and develop treatment approaches for them. The presented results highlighted the security risk of components, sub-systems and the overall platform.
Bombardier received a high-level assessment and, for areas of higher or more uncertain risk, more detailed assessments. These gave confidence to Bombardier and its customers (the train operating companies), that the Aventra platform was capable of meeting their NISD obligations.