图像
Product Cybersecurity at Wabtec
Wabtec is committed to providing robust product cybersecurity to support freight rail, transit, mining, industrial and marine operators. Spearheaded by our Chief Product Security Officer, our centralized product cybersecurity team’s mission is to provide engineering-focused training and awareness programs, set relevant security requirements for improved product designs, guide engineers in adoption of secure design practices, provide services to identify and prioritize security risks, conduct compliance assessments for product release readiness, and maintain vigilance against evolving threats.
Standards-Based
Aligned with international standards such as IEC 62443-4-1 and NIST Secure Software Development Framework, our program supports well-defined benchmarks throughout the product security development lifecycle. This standards-driven approach enables a common cybersecurity baseline for Wabtec products. Wabtec actively participates in industry standards groups and associations like CENELEC (TS 5701), IEC 63452, and UNIFE, to support cybersecurity in digital rail innovation. This collaborative effort enables Wabtec products to meet evolving industry requirements.
Shifting Security Left
Our centralized product cybersecurity team empowers product teams with policies, procedures, tools, and training to integrate cybersecurity into product engineering. Wabtec’s global product-based cybersecurity champion network fosters a community of practice, promoting continuous improvement and knowledge sharing.
Resilience for Critical Infrastructure
Wabtec's Product Security Incident Response Team manages incident response, responsible vulnerability reporting, triage, and disclosure. Our efforts also include ongoing vulnerability watch, security process status reporting, and comprehensive software integrity assessments, enabling resilience for mission critical freight rail, transit, mining, industrial and marine operators. Wabtec collaborates with customer security teams to jointly act based on vulnerability applicability and risk.
Third Party Risk Management
Dedicated policies, procedures, and teams support Third Party Risk Management, identifying and addressing potential risks within Wabtec's supplier network. This proactive approach supports industrial secure supply chain requirements.
Product Cybersecurity: A Team Effort
At Wabtec, we recognize that product cybersecurity is a team effort. Our role-based security awareness and training program builds security expertise among our system and software architecture, engineering, design, implementation, and testing teams. This multi-tiered training not only integrates security practices into day-to-day engineering, it provides opportunities to gain hands-on offensive and defensive skills and to learn from industry cybersecurity experts.
Related Links: