2018 Integrated Report – On track towards a better Railway

Opportunity and risk report

Production and technology

  • Scope: technical malfunctions, technology risks (vehicles, infrastructure, IT and telecommunications), customs offenses, thefts, maintenance, fire protection, environmental remediation, noise abatement, technical further development and sale of real estate

If the production quality of passenger transport services suffers, this has an impact on service quality and can lead to the loss of customers. Postponed deliveries of new vehicles may result in revenue losses and additional expenses, for example due to substitute transport services or penalty payments.

The availability and the condition of the track infrastruc­ture are significant prerequisites for competitive rail transport. In order to maintain the future viability of rail in the long term, it is also necessary to modernize the infrastructure through digitalization and automation.

Intense construction work on the network affects sched­ules and the production quality of carriers to a different extent, depending on the region, some of which cannot be compensated for.

The range and quality of our services depends to a significant extent on the availability and reliability of the production resources used, the intermediate services procured and the quality of our partners’ services. We therefore keep up an intense dialog with our suppliers and business partners on the subject of quality. This is of particular importance in the vehicle industry.

Sufficient availability of our vehicle fleet is particularly critical. Significant restrictions endanger operating schedules. In regional transport, there is the additional risk of penalties imposed by the relevant contracting organizations if trains are canceled or punctuality is inadequate. We try to minimize this risk by taking preventative actions and also by minimizing the consequences should it happen, such as by providing replacement vehicles or by organizing substitute transport.

The technical production resources used in rail transport must comply with applicable standards and any requirements which are potentially subject to change. As a result, we may receive technical complaints concerning our vehicles. This leads to the risk that we may not or only under certain conditions, such as limited speeds, shorter maintenance intervals or reduced wheel set loads, be permitted 
to use indi­vidual series or rail car types. In addition, we cannot accept newly purchased vehicles that have flaws or for which the necessary vehicle certification has not been granted.

Technical defects or requirements may make modifications to vehicles necessary, potentially leading to significant restrictions to availability or even temporary suspensions.

In regional transport, a risk can arise from the redundancy of vehicles following the expiry or re-tendering of a transport contract. As a countermeasure, alternative possible uses are checked continuously.

Increasing digitalization means that dependence on secure IT that is available around the clock is increasing. This will result in risks, such as the interruption of the availability of IT systems or unauthorized third parties accessing customer data.

We combat these risks through forward-thinking IT security management, which provides the necessary security for our IT-based business processes. An important tool in this process is risk management of information, IT applications and IT infrastructures/services. The relevant risks are identified, analyzed, evaluated and reduced.

The remaining risks are documented and if necessary re­­ported to and monitored by suitable bodies. Our IT security management follows international standards as set out in ISO 27001/27002:2013 and the NIST Cybersecurity Framework.

It is also vital to have an overall understanding of the risks on the technical and personnel levels in order to appropriately address security risks. Weaknesses in procedures and in compliance with security rules often create openings for attacks. Creating a lasting awareness of security in different groups of employees therefore contributes to recognizing unusual situations (such as phishing e-mails) early and consequently reducing exposure to attacks.

In order to minimize critical technical holes in security, a wide variety of countermeasures (e.g. firewalls, encryption and isolated server areas, prompt installation of software updates) are used. Appropriate redundancy in IT systems (also across several locations) increases overall protection against failure of critical business processes, applications and infrastructures. Redundancy is also built into the network infrastructure as a whole where this is required to ensure information security and business continuity.

Penetration tests and Red Team stress tests are conducted systematically and regularly for the most important processes and IT applications, with the aim of detecting weak points at an early stage and eliminating them.

Altogether, these measures reduce the risks of attacks, the failure of IT systems arising from them, the disruption of communication or the theft of confidential information, and therefore avoid the resulting damages to DB Group.

Punctuality is a key criterion for our rail freight transport customers when selecting a mode of transport. In addition to this, irregularities can occur during transport, such as customs offenses and theft. We combat these risks with measures such as engaging qualified customs coordinators and using an immediate reporting system for tax assessment notices.

Related topics