Creating a successful cybersecurity framework for Alptransit Gotthard

Alptransit Gottard

Creating a successful cybersecurity framework for Alptransit Gotthard

Planung, Umsetzung und Kontrolle von Cybersicherheitsmassnahmen in einer schwierigen Betriebstechnik-Umgebung.

The Challenge

 
Rail transport plays an important role in Switzerland. To support modern fast-paced traffic and safe travel, the country’s infrastructure has to match an ever-increasing list of requirements. Consequently, the increasing capability and complexity of electronic tunnel infrastructure, the long life-cycle of operational technology (OT), the involved hardware and software, and the high standards regarding availability that require foresight mean that cyber security has to be planned and executed flawlessly. 
 
Swiss Federal Railways (SFR) subsidiary, Alptransit Gotthard – who constructed the Gotthard axis of the New Rail Link through the Alps – looked to Eraneos for help in creating an OT cyber security framework. This included establishing reporting and communication, assigning responsibilities and tasks, and defining, implementing, and controlling security measures. This was a big project but not one we shied away from.  

“Today the AlpTransit Gotthard tunnel operates with a high level of cyber security. Continuous improvements, recurring tests and audits, and life cycles ensure safe, reliable, and fast travel for customers around the clock.”

Oliver Vaterlaus, CEO Eraneos Group

The Approach

We tackled this substantial task by establishing cyber security in the tunnel’s OT environment. This was an important factor that required full cooperation and coordination from all sides. Once established, we introduced roles, tasks, and responsibilities in the project organization, defined the perimeter and effective area, and set up periodic ICT security reporting to the operator and client. 
 
Once all the organizational aspects were covered, we then turned our focus to the definition of concrete technical and process-related measures. This included tracking the implementation of measures and proof of compliance from contractors. Due to the long supply chains commonly seen in OT environments, special attention was also paid to supporting the contractors and third parties in all ICT security-related activities. 

AlpTransit Gotthard wurde 1998 gegründet und ist eine hundertprozentige Tochtergesellschaft der Schweizerischen Bundesbahnen (SBB) mit Hauptsitz in Luzern und einer Niederlassung in Bellinzona. AlpTransit Gotthard ist der Erbauer der Gotthardachse der Neuen Eisenbahn-Alpentransversale mit Basistunnels am Gotthard und Ceneri.

The Result

Over the span of nearly two decades, we contributed to the planning, implementation, and control of the cyber security measures in this project’s challenging OT environment. 
 
As part of the ICT security measures, we introduced modern hardening and protection measures such as management access control and network access control. Network security was also proven and ensured by means of multi-stage tests and audits. 
 
At the same time, we contributed to the planning and timely implementation of security measures in order to support the project in achieving its targets and meeting its deadlines. Considerate communication and foresight made the efforts related to cyber security an integrative part of the overall project, in line with AlpTransit Gotthard’s business goals. 

Let’s create sustainable change together.

Eraneos Switzerland Roger Emmenegger

Roger Emmenegger

Senior Manager

Transportation & Logistics

Organizational Excellence & Transformation

+41 58 411 96 24