Automation in rail transport is advancing. Modern trains monitor their surroundings using cameras and other sensors, perform self-tests, communicate with edge systems along the route, and transmit large amounts of recorded data to data centers.
From a security perspective, this results in highly complex, distributed systems with the following characteristics:
A penetration test of such systems differs significantly from traditional IT tests. It involves a combination of IT, OT, and embedded security analysis.
Automated or semi-automated trains typically consist of several safety-critical components:
Inside the vehicle itself are sensor boxes equipped with cameras, environmental detection systems, and other measurement components. These are often installed at both the front and rear of the train to cover bidirectional travel.
The sensors detect:
The data is processed on the vehicle via a dedicated Ethernet network. Serial interfaces often exist for individual components. In many architectures, this network is logically or physically separated from the rest of the IT network.
For training, analysis, or maintenance purposes, the collected data is regularly transmitted to edge systems. From there, it is forwarded via dedicated fiber-optic links to central data centers.
Wireless backhaul connections represent a critical communication layer in this context.
The threat model in such projects encompasses several levels:
A key characteristic: Vehicles may be left unattended on track facilities for periods of time and be physically accessible. This significantly expands the attack surface.
Within the train, there is often a completely separate Ethernet network for connecting the sensors.
Security-related questions include:
Components implemented by third-party vendors are particularly critical. If security configurations are not transparently documented, there is an increased risk due to incorrect assumptions or unhardened default settings.
A penetration test analyzes both network segmentation and the actual enforceability of isolation.
Wireless Communication and Backhaul Security
Vehicle data is often transmitted via wireless high-availability connections.
Security-related aspects include:
Particularly for WiFi-based solutions in the 6 GHz band, it must be verified whether strong authentication is enforced and whether unauthorized devices can connect.
Multi-path TCP connections or tunneled SSH connections must also be checked for integrity and proper key management. An encrypted connection alone does not guarantee security if key management or host verification are inadequately implemented.
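The host-verification point above is easy to check concretely. The following is an added example, not code from the original article: it verifies a presented SSH host key against a known_hosts file the way a tunnel client should, handling plain, comma-separated, hashed (HashKnownHosts) and @revoked entries. All hostnames, keys and the salt are constructed stand-ins.

```python
import base64
import hashlib
import hmac

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob (for reports)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hashed_host_field(host: str, salt: bytes) -> str:
    """Build a '|1|salt|hash' host field as written by HashKnownHosts."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return f"|1|{base64.b64encode(salt).decode()}|{base64.b64encode(mac).decode()}"

def _host_matches(field: str, host: str) -> bool:
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def verify_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """Return 'match', 'revoked', 'mismatch' (host known, key differs) or 'unknown'.
    A different key *type* for a known host counts as unknown, as in OpenSSH."""
    host_known = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3 or not _host_matches(fields[0], host):
            continue
        same_key = fields[1] == key_type and fields[2] == key_b64
        if marker == "@revoked":
            if same_key:
                return "revoked"
            continue
        if marker is not None:      # @cert-authority lines are not plain host keys
            continue
        if fields[1] == key_type:
            host_known = True
            if same_key:
                return "match"
    return "mismatch" if host_known else "unknown"

# Constructed sample data: base64 blobs standing in for real public keys.
EDGE_KEY = base64.b64encode(b"constructed-edge-node-key").decode()
ROGUE_KEY = base64.b64encode(b"constructed-rogue-key").decode()
KNOWN_HOSTS = "\n".join([
    "# plain entry for the edge node, hashed entry for the data-center gateway",
    "edge-node-01,10.0.0.10 ssh-ed25519 " + EDGE_KEY,
    hashed_host_field("dc-gateway", b"constructed-salt") + " ssh-ed25519 " + EDGE_KEY,
])
```

Anything other than 'match' should abort the tunnel setup; a client that silently accepts 'unknown' or 'mismatch' is the "encrypted but not secure" case the text describes.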
The recorded sensor data is transmitted regularly. In typical scenarios, large volumes of data are generated within a few hours, which are automatically fed into edge systems and then transmitted to the data center.
Critical areas for review are:
Data integrity is essential, especially for systems that use environment detection for training purposes. Manipulated training data can have long-term effects on decision-making models.
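One way to make the integrity of a recorded batch verifiable along the whole chain, as an added example that is not part of the original article: the vehicle hashes every recorded chunk into a manifest and authenticates the manifest with a recorder key; the edge node and data center verify the batch before anything is cached or used for training. The key, file names and chunk contents are constructed stand-ins, and where the recorder key is kept (for example a TPM/HSM on the vehicle) is an assumption.

```python
import hashlib
import hmac
import json

def _canonical(body: dict) -> bytes:
    """Deterministic encoding so vehicle and verifier MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def build_manifest(run_id: str, chunks: dict, recorder_key: bytes) -> dict:
    """Vehicle side: hash every recorded chunk and MAC the list with the recorder key."""
    body = {"run_id": run_id,
            "chunks": {name: hashlib.sha256(data).hexdigest() for name, data in chunks.items()}}
    return {**body, "mac": hmac.new(recorder_key, _canonical(body), hashlib.sha256).hexdigest()}

def verify_batch(manifest: dict, chunks: dict, recorder_key: bytes) -> list:
    """Edge / data-center side: return a list of findings; an empty list means safe to ingest."""
    body = {k: v for k, v in manifest.items() if k != "mac"}
    expected = hmac.new(recorder_key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(manifest.get("mac", ""))):
        return ["manifest MAC invalid: reject whole batch"]   # nothing in it can be trusted
    findings = []
    for name, digest in body["chunks"].items():
        if name not in chunks:
            findings.append(f"missing chunk: {name}")
        elif not hmac.compare_digest(hashlib.sha256(chunks[name]).hexdigest(), digest):
            findings.append(f"modified chunk: {name}")
    # Chunks that arrived without being listed are injected data, not a transfer glitch.
    findings += [f"unlisted chunk: {name}" for name in chunks if name not in body["chunks"]]
    return findings

# Constructed sample batch: stand-ins for camera frames and lidar scans from one run.
RECORDER_KEY = b"constructed-recorder-key"   # assumed to live in the vehicle's TPM/HSM
CHUNKS = {"cam_front_0001.bin": b"frame-data-1", "lidar_0001.bin": b"scan-data-1"}
MANIFEST = build_manifest("run-constructed-0001", CHUNKS, RECORDER_KEY)
```

A batch with any finding should be quarantined rather than merged into the training set, since a single altered or injected recording is exactly the long-term model-poisoning risk the text warns about.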
Edge systems along the route often serve as caching or preprocessing nodes.
Typical questions in a penetration test:
Systems without low-privileged user roles pose an increased risk, as every user potentially has extensive privileges.
Connections to storage systems must also be reviewed, especially if they are connected via client authentication mechanisms.
Physical access is a factor that is often underestimated. If a train is parked on a siding without video surveillance or physical security, the following scenarios must be considered:
Physical security is not a theoretical side issue in such projects, but a real component of the threat model.
In environmental detection systems, camera images are regularly captured that may show people on platforms or in the track area.
Unacceptable risks in this context include, in particular:
In addition to technical security, compliance with data protection requirements must therefore also be verified.
Such a penetration test differs methodologically from traditional IT tests:
In addition, parts of the architecture may still be adjusted during the project phase. Therefore, scope definition and risk assessment must be closely coordinated.
Automated train systems are not isolated vehicles, but networked, data-intensive platforms with:
The security-critical points lie not only in encryption or the transport channel, but in the entire chain comprising:
Collection → Processing → Transmission → Storage → Reuse.
A thorough penetration test must technically analyze this entire chain and assess whether the integrity, confidentiality, and availability of the systems are realistically guaranteed.