ATO-DKS - IT/OT security for the ATO system architecture

ATO-DKS - IT/OT security for the ATO system architecture

Within the sector initiative "Digitale Schiene Deutschland" and the implementation of the digital interlocking (DSTW), the introduction of the European Train Control System ETCS as well as ATO (Automatic Train Operation), about 500 vehicles will be able to run in the digital node Stuttgart [Digitaler Knoten Stuttgart (DKS)] in automation level 2 (GoA 2) without analog signals from 2030 on.

According to the principle of security-by-design, INCYDE supports the end-to-end project realization in the analysis, specification, planning and implementation of suitable security. This ensures the efficient protection of the ATO system architecture against possible risks and threats as well as the preservation over the complete life cycle.  



  • Development of an IT security strategy
  • Designing a secure system architecture and component specification
  • Performing the protection needs assessment
  • Consideration of operational and lifecycle processes
  • Detailed risk assessment and concrete derivation of measures



The project is focused on securing the system and network architecture against possible attacks, which is a challenging task due to the integration of complex systems and, above all, different/new technologies.

Due to our practical expertise in the application of the security standards IEC 62443, TS 50701, VDE 831-104 and ISO 27001 we derived the necessary project as well as security steps.

With our established "hands-on" implementation of the risk assessment, together with the derivation of the security levels, the detailed risk analysis and the security measures derived from it, we define the corresponding security specifications in the system development phase, which are transferred into the requirement and functional specifications.



  • Hands on risk assessment
  • Calculation of the security level
  • Derivation of the necessary security measures/requirements
  • Realization of a test PKI