Creating a Successful Cyber Security Framework for Alptransit Gotthard

Planning, implementation, and control of cyber security measures in a challenging OT environment

The Challenge

Rail transport plays an important role in Switzerland. To support modern fast-paced traffic and safe travel, the country’s infrastructure has to meet an ever-growing list of requirements. The increasing capability and complexity of electronic tunnel infrastructure, the long life cycle of operational technology (OT) and of the hardware and software involved, and high availability standards that demand foresight all mean that cyber security has to be planned and executed flawlessly.
Alptransit Gotthard, the Swiss Federal Railways (SFR) subsidiary that constructed the Gotthard axis of the New Rail Link through the Alps, looked to Eraneos for help in creating an OT cyber security framework. This included establishing reporting and communication, assigning responsibilities and tasks, and defining, implementing, and controlling security measures. This was a big project but not one we shied away from.

“In the medium to long term, it is absolutely imperative that the application and data environment of the cantonal administration demonstrates greater flexibility, consistency and vigor in addressing the needs of citizens and the economy.”

Oliver Vaterlaus, CEO Eraneos Group

The approach

We tackled this substantial task by establishing cyber security in the tunnel’s OT environment. This was an important factor that required full cooperation and coordination from all sides. Once this was established, we introduced roles, tasks, and responsibilities in the project organization, defined the perimeter and effective area, and set up periodic ICT security reporting to the operator and client.
Once all the organizational aspects were covered, we then turned our focus to the definition of concrete technical and process-related measures. This included tracking the implementation of measures and proof of compliance from contractors. Due to the long supply chains commonly seen in OT environments, special attention was also paid to supporting the contractors and third parties in all ICT security-related activities. 

AlpTransit Gotthard was founded in 1998 and is a wholly owned subsidiary of Swiss Federal Railways (SFR) with headquarters in Lucerne and a branch office in Bellinzona. AlpTransit Gotthard is the constructor of the Gotthard axis of the New Rail Link through the Alps, with base tunnels through the Gotthard and Ceneri.

The result

Over the span of nearly two decades, we contributed to the planning, implementation, and control of the cyber security measures in this project’s challenging OT environment. 
As part of the ICT security measures, we introduced modern hardening and protection measures such as management access control and network access control. Network security was also proven and ensured by means of multi-stage tests and audits. 
At the same time, we contributed to the planning and timely implementation of security measures in order to support the project in achieving its targets and meeting its deadlines. Considerate communication and foresight made the efforts related to cyber security an integral part of the overall project, in line with AlpTransit Gotthard’s business goals.
Today the AlpTransit Gotthard tunnel operates with a high level of cyber security. Continuous improvements, recurring tests and audits, and life cycles ensure safe, reliable, and fast travel for customers around the clock. 
