Blurred high-speed train in a sleek modern station, capturing urban commuting and motion.

New Publication: Automated Security Risk Management for trains

ByStefan Karg 21.07.202525.08.2025

Patric Birr and I published an article in SIGNAL+DRAHT, the leading international medium for control and safety technology plus communication and information technology in the railway sector.

In the article we propose automating Security Risk Assessments by using digital twins. These allow attack trees to be derived automatically enabling a systematic analysis of potential attack paths into a system.

Besides the Security Risk Assessments in the design phase of a system, this approach also simplifies the necessary updates of the Security Risk Assessment throughout the whole lifecycle of the system as well as simulating the security impact of changes e.g. by adding new components or interfaces to an existing system.

In the article, we use a train as an example to explain the principle. This approach is not limited to trains or the railway domain, however, and can be applied to all kinds of OT/IT systems.

Here is a link to the corresponding blog post on the ICS GmbH website, where you can find a link to the full article. The blog post is in German, but the article is available in both English and German:

🌐 Security-Risiken in Zügen automatisiert erkennen – mit Digitalem Zwilling und normkonformer Analyse

Security

Next conference: Nürnberg
ByStefan Karg 28.03.202425.08.2025

Today I’ve registered for attending the “CNA Forum Bahn+BahnTechnik 2024” conference with the title “Unlocking the opportunities of railtech” CNA Forum Bahntechnik | CNA – Center for transportation & logistics Neuer Adler e.V. (c-na.de) My personal focus for the conference will be the topics around the digitalisation of the railways and how to develop the…

Read More Next conference: Nürnberg
Security

Üstra hacked
ByStefan Karg 04.04.202325.08.2025

Cybersecurity in public transport: The operator of Hannover’s public transport was hacked. According to the linked article, it seems to be a ransomware attack. Bus and railway operation are not affected, but different systems such as the displays at the stations or the ticketing platform for the new “Deutschlandticket”. https://www.csoonline.com/de/a/cyberattacke-auf-hannoversche-verkehrsbetriebe,3674537

Read More Üstra hacked
AI

WormGPT and FraudGPT
ByStefan Karg 28.07.202325.08.2025

As with any new technology, the “other side” is trying to figure out how to use it to their advantage. The normal commercial versions of LLMs have barriers built in to prevent the creation of malware code or phishing mails, for example. If you remove these barriers, you get the output that we as security…

Read More WormGPT and FraudGPT
AI

Bing AI message limitation
ByStefan Karg 17.02.202325.08.2025

There was an interesting article published about Bing’s AI chat bot using a LLM (Large Language Model) this weekend in the New York Times. A clear recommendation for reading:Why a Conversation With Bing’s Chatbot Left Me Deeply Unsettled – The New York Times

Read More Bing AI message limitation
AI

AI phishing
ByStefan Karg 09.01.202325.08.2025

Are the bad guys using AI? They might! AI tools like ChatGPT or DALL-E-2 are currently widely tested out on the internet – both for the good as well as for the bad. From my point of view, we are at the very beginning of an interesting development, which will unfold over the next couple…

Read More AI phishing
Security

Password security
ByStefan Karg 10.03.202225.08.2025

What’s the state of your password security? Do you consider the length and complexity and don’t use the same password for multiple services? Post | LinkedIn

Read More Password security

Similar Posts