_enabling
a trusted
future

The rail sector is shifting to a new paradigm of digitalisation to bring in efficiencies to counter the increased demands of travelling passengers and goods transport, while ensuring the highest safety and security of the infrastructure. To achieve this goal, Rail Operators have adopted modern systems combining IT and IoT technologies. Digital transformation strategies within the Rail sector include more connectivity for Industrial Control Systems (ICS), increasing their exposure and potentially making them more vulnerable and exposed to cyber-attacks.

This study explores different approaches for using MITRE ATT&CK (a knowledge base of past security incidents) as a risk identification technique, within the frame of EBIOS RM (a security risk assessment methodology). It discusses the relevance of these approaches, and of the overall use of MITRE ATT&CK for risk assessment.

Da heutzutage jedes Unternehmen die Cloud nutzt – sei es in Form einer vollständigen Cloud-Umgebung, einer hybriden Lösung oder als SaaS (Software-as-a-Service) – machen sich viele Sorgen um die Sicherheit und darum, die Kontrolle über ihre Daten und Prozesse zu behalten. Man könnte sagen, dass dies von Anfang an, vielleicht sogar schon früher, eine Sorge [...]