Siemens Rail Case Study

| Customer story
Download now

Ensuring connectivity across railroads with scalable secure OTA updates

THE CUSTOMER

siemens@2x

 

Transportation & Infrastructure | Europe
https://www.siemens.com/

 

Delivering secure, reliable, and compliant over-the-air updates to thousands of trains throughout Europe

The Mobile Communications division of Siemens Mobility designs and delivers advanced rail communication systems for operators globally. Its digital cab radios provide critical, secure voice and data links between trains and control centers, enabling safe, efficient, and reliable railway operations.


In collaboration with Network Rail in the United Kingdom (UK) and other international partners, Siemens is modernizing fleet communication infrastructure with secure, large-scale over-the-air (OTA) software updates. Siemens cab radios exist in more than 11,000 trains in the UK, with deployments expanding to additional markets, including national rail projects in Norway.

 

11,000+

700+

Existing UK train fleet

Radios deployed in Norway

 

Key Benefits

Tick Maximizes operational uptime with fail-safe OTA updates and rollback protection
Tick Reduces time delays by delivering updates over LTE-R to trains running at full speed
Tick Maintains IEC 62443 compliance with a zero-trust security strategy
Tick Mitigates operational risks with fleet-wide visibility and targeted rollouts
Tick Scales seamlessly with existing Linux and AWS environments

The Challenge

Managing complex, large-scale OTA updates across a global train fleet

Siemens initially relied on its internal Remote Software Update (RSU) tool to update its cab radios. However, the homegrown solution lacked the flexibility and user experience required to support the growing fleet. The tool wasn’t built for large-scale deployments. With the expansion of its train communication devices, Siemens now required the ability to deliver targeted updates to subsets of its fleet, whether individual trains, entire depots, or specific operator groups. To meet these demands, Siemens needed a more intuitive and robust OTA solution, one capable of securely managing a diverse, geographically dispersed fleet of devices.


In parallel, Siemens required a secure, scalable way to update thousands of trains in service. Updates had to be delivered over LTE-R to trains traveling at speeds exceeding 500 km/h, without disrupting operations or requiring trains to slow down then stop. The OTA update solution also needed to provide visibility into software versions, enable remote diagnostics, and capture performance and anomaly data from the field. Meeting stringent rail security and regulatory standards was also essential. Siemens sought an update solution that could support compliance with IEC 62443 and align with zero-trust security principles, ensuring updates were both reliable and protected against emerging threats.

Objectives

Group 8455 (2) Ensure secure and compliant OTA updates across a growing fleet
Group 8454 Deliver updates over LTE-R without service disruption
Group 8456 (1) Gain visibility into software versions and device health
Group 8457 (1) Improve control with targeted updates by train, depot, or operator
Group 8458 Scale operations to manage thousands of trains globally

 

The Solution

Implementing a secure and scalable OTA update platform

Siemens chose Mender, a leading OTA update platform, to securely manage its custom cab radios and support updates at scale across thousands of trains in service. Mender integrates with Siemens’ NXP i.MX6 Quad processor running a Yocto-based Linux distribution and a QNX board connected via Ethernet. Using LTE-R, updates are delivered reliably to trains traveling at more than 500 km/h, while maintaining stable voice and data communications throughout the process.
To handle fleet complexity, Siemens also takes advantage of dynamic grouping and phased rollouts. The advanced features in Mender allow Siemens engineering teams to target updates to specific trains, depots, or operator groups. Custom inventory reporting provides real-time visibility into software versions and deployment status across the entire fleet, giving Siemens unprecedented granularity and control.
Finally, hosted on AWS infrastructure with Terraform-managed instances and secure S3 artifact storage connected via a site-to-site VPN, Mender ensures updates are protected end-to-end while remaining highly scalable for future growth. 

 

The Mender Difference

Group 8455 Purpose-built to meet IEC 62443 rail security standards Group 8456 Scales securely to thousands of trains worldwide of trains
Lightning Integrates seamlessly with Yocto, QNX, and AWS environments high-level 1 Delivers updates reliably at train speeds over 500 km/h

 

The Benefits

Secure, reliable OTA updates at scale for rail train fleets

Enhanced security & compliance

With encrypted communication channels, mutual TLS authentication, public key infrastructure (PKI), and zero-trust architecture, Mender facilitates IEC 62443 Security Level 3 compliance for rail communication systems, a Siemens internal goal.

Strengthened operational reliability in the field

A/B partitioning with automatic rollback minimizes the risk of bricking devices, ensuring train cab radios remain operational even if an update fails.

Unmatched Fleet-wide visibility & control

Enterprise features such as dynamic grouping, phased roll outs, and targeted deployments enable Siemens to update specific trains, depots, or regions without impacting the broader fleet.

Seamless future-proof integration

Incorporating OTA update capabilities into its web-based fleet management portal, Siemens now supports expansion to additional fleets, including national rail projects in Norway.

 

Technology ecosystem:

Tick Yocto-based Linux distribution
Tick NXP i.MX6 Quad processor
Tick QNX board connected via Ethernet
Tick Long-term Evolution–Railway (LTE-R) communication standard
Tick AWS-hosted infrastructure with Terraform-managed instances and S3 artifact storage

 

 

Tags:

Download the case study