
Smart Mobility needs Cybersecurity
KIEPE integrates cybersecurity into rail vehicles, buses and public transit systems: from secure e-systems and consulting for existing fleets to new service models
Public transit networks are part of critical infrastructure and is increasingly digitally connected. The KIEPE Group, headquartered in Düsseldorf, is addressing growing cyber threats with a clear strategy, innovative solutions, and a strong team of experts. Whether in Cologne, Hanover, or beyond, KIEPE makes rail vehicles and buses cybersecure—today and in the future.
Cybersecurity is a basic requirement for smart mobility
Since 2019, KIEPE has been systematically working on integrating cybersecurity into all areas of the company. The legal basis and technical standards for cybersecurity in rail vehicles and electric buses have now been defined. However, there is still little experience with concrete implementation.
KIEPE has therefore put together a team of experts and is working closely with partners, vehicle manufacturers, and customers.
„The smarter buses and trains are, the greater the risk."
Markus Dorlöchter, Head of Engineering at KIEPE
Cybersecurity is teamwork, internally and externally
Cybersecurity affects not only IT, but the entire company, from development to management. Cooperation is also required beyond company boundaries: with vehicle manufacturers, the customers, and suppliers.
KIEPE relies on four key principles:
- Secure in-house processes: Development and data processing are systematically documented.
- Reliable supply chain: Suppliers must meet and demonstrate security requirements.
- Strategic integration: Management and IT actively drive the issue forward.
- Binding information security: A company-wide security policy has been adopted.
„Cybersecurity is a process that is never complete.
Mario Brunsch, Teamleader Cybersecurity at KIEPE
First cyber-secure vehicles to go into service in 2026
From the end of 2025, several vehicles with a comprehensive cybersecurity strategy will go into live operation. KIEPE is supplying the electrical systems, including the latest generation TCMS (Train Control Management System), for the new rail vehicles of Kölner Verkehrsbetriebe (KVB) and ÜSTRA.
KIEPE focuses on transparent communication, precise threat analyses, and standard-compliant implementation. The new TCMS NextGen already meets Level 2 of the IEC 62443 standard - a milestone for the industry.
„We are entering uncharted territory. Authorities and regulatory agencies are also facing new challenges."
Dennis Stemmer, Cybersecurity Manager at KIEPE
Cybersecurity consulting for existing fleets: The KIEPE Cybersecurity Check
Many transport companies also want to make their existing fleets cyber secure. KIEPE offers a three-stage consulting model for transport companies:
- Risk analysis – identification of realistic threat scenarios
- Protection concept – risk analysis plus development of customized, standard-compliant measures
- Implementation & validation – risk analysis, protection concept, testing, simulation, and verification of effectiveness
KIEPE actively offers the cybersecurity check and has successfully completed its first orders.
New business model for the future: cybersecurity as a service
Cybersecurity does not end with the delivery of a vehicle; that is when it really begins. The threat situation is constantly changing, making updates to vehicles and public transport systems an ongoing necessity.
The following challenges currently exist:
Security updates and homologation
- However, current approval procedures are often not designed for this. Security-related updates to vehicles and infrastructure should not trigger a complete homologation process every time. There is an urgent need for practical regulations that benefit operators and manufacturers.
Cybersecurity as a service
- A new form of cooperation between vehicle suppliers and transport operators is needed. Transport operators expect security for decades to come. But no one can say today what risks or costs the industry will face in 2035.
- The new service models for cybersecurity include:
- Ongoing risk analyses
- Regular updates & tests
- Transparent evidence for authorities & operators
„Our customers want security for decades to come. We can only guarantee this together through a service model."
Would you like to learn more or talk about your project?
Our experts are happy to assist you. Write to us, we look forward to hearing from you.
