2017 Integrated Report – Departure into a new era

Production and technology

Scope: technical malfunctions, technology risks (vehicles, infrastructure, IT and telecommunications), custom offenses, thefts, maintenance, fire protection, legacy remediation, noise abatement, technical further development and sale of real estate

If the quality of passenger transport services suffers, this has an impact on production and service quality and can lead to the loss of customers. Postponed deliveries of new vehicles may result in revenue losses and additional costs, for example due to substitute transport services or penalty payments.

The availability and the condition of the track infrastructure are significant prerequisites for competitive rail transport. In order to maintain the future viability of rail in the long term, it is also necessary to modernize the infrastructure through digitalization and automation.

Intense construction work on the network affects schedules and the production quality of carriers to a different extent, depending on the region, some of which cannot be compensated for.

The range and quality of our services depend to a significant extent on the availability and reliability of the production resources used, intermediate services procured and the quality of our partners’ services. We therefore keep up an intense dialog with our suppliers and business partners on the subject of quality. This is of particular importance in the vehicle industry.

Sufficient availability of our vehicle fleet is particularly critical. Significant restrictions endanger operating schedules. In regional transport, there is the additional risk of penalties imposed by the relevant contracting organizations if trains are canceled or punctuality is insufficient. We try to minimize this risk by taking preventative actions and also by minimizing the consequences should it happen, such as by providing replacement vehicles or by organizing substitute transport.

The technical production resources used in rail transport must comply with applicable standards and requirements, which are subject to change. As a result, we may receive technical complaints concerning our vehicles. This leads to the risk that we may only be permitted to use individual series or rail car types under certain conditions, such as limited speeds, shorter intervals between maintenance or reduced wheel set loads. In addition, we cannot accept newly purchased vehicles that have flaws or for which the necessary vehicle certification has not been granted. In regional transport, a risk can arise from the redundancy of vehicles following the expiry or re-tendering of a transport contract. As a countermeasure, alternative possible uses are checked continuously.

Increasing digitalization means that dependence on secure IT that is available around the clock is increasing. This will result in risks, such as the interruption of the availability of IT systems or unauthorized third parties accessing customer data.

We combat these risks through forward-thinking IT security management, which provides the necessary security for our IT-­based business processes. A key tool in this respect is risk management for IT applications and IT infrastructure/services. The relevant risks are systematically identified, analyzed, evaluated and reduced. The remaining risks are documented and if necessary reported to and mo­­­n­­­­­i­tored by suitable bod­ies. The IT risk management of DB Group follows the internationally accepted standard as de­­fined in ISO 27001/27002:2013.

Improved IT security

According to Europol, on May 12, 2017 at least 200,000 computer systems in 150 countries fell victim to the worldwide WannaCry cyber attack – including DB Group. This primarily affected ticket machines and display boards at train stations. Train services, customer safety and the security of customer data were never at risk. Immediately after the occurrence of WannaCry, a crisis committee was set up to correct the technical failures and prevent it from continuing to spread. The Cyber Security @ DB project aims to sustainably improve IT security and governance throughout DB Group. We want to increase our resilience to external IT threats. Measures to prevent and promptly identify attacks are therefore being developed.

To prevent critical gaps in security, appropriate coun­termeasures (such as firewalls, encryption and closed servers, timely installing of software updates) have been implemented. In order to ensure high availability of IT operations, we use redundant systems distributed across different locations. Data backup is carried out at a separate location from ac­­tual operations. Operational management is performed by trained personnel, and there is clear separation of responsibilities. Our wide area network (WAN) is redundantly designed wherever IT security and business continuity require this. Penetration tests are conducted systematically and regularly for the most important IT applications, with the aim of detecting weak points at an early stage and eliminating them. These measures reduce the risk of IT system failures and avoid large-scale disruptions, ensuring that mission-critical business processes are operational at all times.

Punctuality is a key factor for rail freight transport customers when selecting a mode of transport. In addition to this, irregularities can occur during transport, such as customs offenses and theft. We combat these risks with measures such as engaging qualified customs coordinators and using an immediate reporting system for tax assessment notices. 

Related topics