Digital Resilience assessment: Bombardier's AVENTRA

Digital Resilience assessment: Bombardier's AVENTRA
24 April 2019

Colleagues in the UK have won a new contract to assess the digital resilience of Bombardier’s AVENTRA platform.

Working in partnership with Roke Manor Research Ltd, a leading UK innovator in cyber security, autonomy and communications, Ricardo's rail experts are helping Bombardier’s in-house teams undertake an in-depth assessment of the AVENTRA's exposure to a range of possible threats – from espionage to remote hacking – and then evaluate the potential impact on its operation.

Once the investigations are complete, Bombardier will be provided with a full risk-based assessment of the AVENTRA, accompanied by recommendations that identify vulnerabilities and mitigate risks in an appropriate way, incorporated into Bombardier’s existing risk management practices.

The Ricardo–Roke approach focuses squarely around the priorities of day-to-day rail operations


A detailed digital risk assessment

Bombardier's AVENTRA was introduced to the UK network in 2017 and it will become increasingly familiar to the country’s commuters over the next two years as it is added to fleets serving the south west, eastern and the west midlands regions.

To provide confidence that the vehicle can provide the highest standards of security against current and emerging threats, Bombardier asked the Ricardo-Roke team to produce a full appraisal of the AVENTRA's digital security risk profile, and provide confidence that the vehicle can provide the highest standards of security against emerging digital threats.



Over the course of their work, the team will benchmark against current industry standards and national legislation. This includes the Network and Information Systems Directive (NIS Regulations), as well as well-defined practices from sources such as National Institute of Standards and Technology, Certified Information Systems Security Professional, and previous vulnerability and risk reviews conducted by Roke for the UK Ministry of Defence.

A landmark development - a major train manufacturer seeking to integrate cyber security assessments into design and testing.

A unique partnership

The assessment blends Roke’s cyber expertise, honed from many years’ supporting critical national infrastructure and government organisations, with Ricardo’s domain knowledge of rail operations, rolling stock design, systems engineering and passenger interactions.

Doug Blanc, head of digital railway for Ricardo's rail team, believes the partnership offers clients a unique mix of domain expertise and security best-practice. “Unlike traditional enterprise security assessments, the Ricardo–Roke approach focuses squarely around the priorities of day-to-day rail operations, such as the importance of maintaining a safe and open environment for passengers, whilst also ensuring minimum disruption to the network.”

“Transport systems are set to be the next big challenge in cyber security" says Dr Andrew Rogoyski, innovation director for Roke. "Connecting trains, vehicles and ships via the internet has the potential to post significant ‘life and death’ safety implications. This work is therefore a landmark development, as a major train manufacturer seeks to integrate cyber security assessments into their design and testing processes, keeping passengers safe, while delivering next-generation train systems.”

A new approach to cyber security in transport systems

The partnership between Ricardo and Roke began in 2017 when they joined forces to provide a ‘one stop shop’ in designing cyber-secure systems and infrastructure for the transport sector. By continuing to bring together this mix of security best practice and in-depth domain knowledge, Roke and Ricardo aim to be at the forefront of managing digital risk in connected transport systems long into the future.

For more information. visit: https://digitalresilience.info/