THINK SAFE. THINK ICS.

Security for Safety

Because functional safety no longer works without cybersecurity.

Are your systems secure - but also protected?

The digitalization of the rail sector is progressing rapidly. This not only increases the opportunities, but also the risks. Cyber attacks, false alarms, outdated technology and increasing regulatory requirements are pushing many operators, developers and manufacturers to their limits.

ics_1966_think_safe_think-ics

ICS has over 60 years of experience in safety-critical systems.

We support you with well-founded, standard-compliant and tried-and-tested solutions - structured, comprehensible and applicable at every point of your system life cycle. Our mission: security that thinks ahead and secures your operations in the long term.

Your challenges - our solutions

Many of our customers are familiar with this: increasing requirements, scarce resources, complex systems.
We listen, analyze together and deliver solutions that work in everyday life.

Cyber threats jeopardize operational security and availability.

We help with systematic risk analysis, attack tree modeling and the derivation of effective protective measures.

Laws such as NIS2, KRITIS or CRA put you under pressure.

We support you in meeting regulatory requirements in compliance with the law and standards (ISO 2700x, IEC 62443) - transparently, auditable and future-proof.

Supplier requirements demand documented security processes.

We provide support in setting up secure development processes (secure development), including security cases and SBOMs.

Unclear warnings jeopardize operation and system acceptance.

We identify risks at an early stage through targeted threat modeling for clear priorities. In this way, we create trust in your systems and ensure sustainable operational security.

Safety integration is missing in the engineering processes.

We anchor secure development in your workflows with static code analysis, automated vulnerability scans and risk-based gates in the CI/CD process.

Lack of visibility of risks in software, supply chain or cloud.

Transparent risk and dependency analysis based on network-based asset discovery and security testing from the code to the operating network.

Security expertise not available in the development team.

We bring security expertise to your team - via CISOaaS, training or technical support, exactly where you need it.

Existing systems are difficult to retrofit.

With our "security shell" approach, we supplement existing systems with targeted protective measures, preferably without interfering with certified functions and with minimal impact on operations.

Limited budgets with increasing pressure to act.

With a clearly prioritized catalog of measures, we focus on the greatest leverage with the least effort.

Our approach: structure meets depth

You know the requirements, we provide the structure. Together we create a secure foundation.
Our approach is practical, comprehensible and tailored to your systems. Our implementation follows a structured plan.

  • 1. planning

  • 2. risk analysis

  • 3. catalog of measures

  • 4. implementation

  • 5. security proof

  • 6. introduction of operations

Identification of the legal and normative basis

  • Description of the system to be analyzed
  • Definition of objectives together with all stakeholders
  • Definition of roles and responsibilities
  • Planning the content of further delivery objects
  • Identification of synchronization points with safety

Identification of threats and security gaps

  • Assessment based on probability of occurrence and impact
  • All risks are compared with each other and categorized in a risk matrix.
  • Additional protective measures are taken into account for risks above a tolerance level.

Fulfillment of security level target

  • GAP analysis for the ISA/IEC 62443 catalog of measures for the selected security level target or risk-based approach
  • Definition of measures to reduce the greatest risks based on ISA/IEC 62443
  • Definition of security-related application conditions (SecRAC)

Advice on prioritization and implementation

  • Optimization of security in the areas of technology, organization and infrastructure by implementing measures in accordance with the catalog of measures and implementation plan
  • Monitoring of implementation measures and final test

Overview and references to previous security activities

  • Documentation of evidence from verification and validation
  • Addressing open points by means of "Security-related Application Conditions"
  • Overview of all residual risks
  • Final security claim

Secure operation of technology, organization and infrastructure

  • Identification of optimization potential
  • Continuous improvement of processes
  • Advice on operational management
  • Compliance with security requirements over the entire life cycle

ICS - Because rail safety needs more than just IT know-how

Read for yourself why so many manufacturers, operators and suppliers have been working with us for decades.
We know the language of the railroad world - technical, normative and human.
Whether it's the initial idea or in the middle of operations: we listen, advise at eye level and guide you safely through every project with experience and structure.

What's in it for you? An overview of our strengths.

60 years of experience

Industry expertise in the rail sector - well-founded, tried and tested, reliable.

Connecting IT, OT & Safety

Security, development and operation in harmony.

Scalable project implementation

From medium-sized manufacturers to major international projects.

Focus on rail technology

Keeping an eye on safety-critical systems in vehicles and infrastructure.

Standards safely implemented

IEC 62443, ISO 27001, NIS2, TISAX®, TS 50701

Trusted references

Long-standing partnerships with DB, SBB, Siemens, Hitachi, GTS & more.

Extract of current references

  • Security Lifecycle Management

    Pintsch GmbH (2024)

  • Security management major station facility

    German operator (since 2023)

  • Security in control and safety technology

    German Railways (since 2016)

  • Assessment according to TS 50701

    Dutch manufacturer (since 2022)

  • Risk analysis of the S-Bahn fleet

    Swiss manufacturer (2023-2024)

  • ETCS-OBS & Secure Development

    German manufacturer (2018-2022)

  • Vehicle retrofit security

    British integrator (2020-2021)

  • Architecture Review LST

    Siemens Mobility (2019-2020)

  • ESTW Security Assessment

    SBB (2018-2019)

  • Security risk managementfor the entire Stadtwerke Group

    Bielefeld municipal utilities (since 2024)

FAQ - Frequently asked questions

Why do I need "Security for Safety"?

Because functional safety (e.g. train control) is no longer possible without IT security. Without protection against cyber attacks, even perfectly functioning systems can fail - with enormous damage to people, operations and reputation.

How does ICS help with regulatory compliance?

We support you in the complete implementation of requirements such as NIS2, the IT Security Act, CRA or TS 50701 - including verification documentation and audit preparation.

What distinguishes ICS from other providers?

We come from the rail sector. We think in terms of RAMS, safety and security. Our measures are not theoretical - but tailored to your reality. With a focus on operation, practice and efficiency.

Is it also possible to get started with existing systems?

Yes, ICS offers solutions for retrofitting, modernization and additional protective measures - even for systems with existing certification.

How does ICS integrate security into existing processes?

ICS adapts measures to your existing development environment - e.g. through integration in CI/CD pipelines, risk analyses in the SDLC and code checks. You can find details on the procedure on our Secure Development page.

How does ICS support auditability?

By creating a structured security case including a catalog of measures, risk analysis, SBOMs and verification documentation - tailored to auditor requirements.

How long does a typical project take?

Depending on the scope. Initial results such as risk analyses or quick audits are usually available within a few weeks. ICS works in parallel with ongoing development.

Is this only for new systems?

No. Existing systems in particular need pragmatic protective measures. Our solutions can also be integrated without software updates or re-certification.

What does it cost?

Less than a cyber incident. We work with you to develop a customized concept - scalable, risk-based and in line with your budget. An initial consultation is free of charge.

How do we get started?

Simply book a non-binding appointment with our ICS team of experts - and we will analyze your situation together.

Would you like to know what Security for Safety could look like in your environment?

Talk to us - we'll show you how to get started. Arrange a non-binding consultation appointment now.

BOOK AN APPOINTMENT