Key Role of Transport Cyber Compliance with NIS in UK
Transport Cyber recognizes that the UK railway network is one of the most advanced systems in the world. Rail is in a sort of limbo caused by the coronavirus, the financial woes the pandemic has caused, and the delay of the Williams report. However, digital technology, including IoT, is widely invested in and used to support Rail as critical national infrastructure. Indeed, digitalisation involves cutting-edge IT business and operational systems vital to dependability, competence, capacity, and customer experience. Various high-profile projects, including Thameslink, HS1, HS2, Crossrail, and others, depend on critical IT systems to achieve their goals. Correspondingly, major threats from international conspiracy, computer crime, and even terrorism need to be countered. The potential for a high-profile cyber-attack on rail is looming.
The threat of cyber-attack is growing rapidly across the globe and increasingly targets industry and operational technology. Essentially, it is a threat to the security and safety of both the Rail infrastructure and rolling stock, as well as to the operational and financial stability of those perilously balanced rail-operating franchises. And, of course, it is a threat to the safety of those who use and operate the trains and stations managed by the TOCs and Network Rail. Insufficient digital protection against cyber threats presents countless opportunities to the attacker; it is a major concern. While the UK government is committed to reducing the cyber-attack risk to Rail as Critical National Infrastructure, it must be seen to be working in partnership with the industry.
Cyber risks include the threat to the safety of the workforce, passengers, and the public. The government has a duty to its citizens not only to ensure the security of critical services but also to protect their health and safety. The Train Operating Companies and their supply chain, including the major infrastructure supplier and manager, Network Rail, have an equal duty to invest in protection and combat the threats to safety as well as to operational and financial integrity. The industry as a whole must develop the most secure signaling systems and procure the safest ICT and the best onboard ICT security.
The major role of the Network & Information Systems Regulations, law since May 2018, has been to set the standard and encourage the industry to work with the DfT on their cyber defense. Compliance is based on a Cyber Assurance Framework produced by NCSC. Unfortunately, many operators have not met the standard for all sorts of reasons: priorities, uncertainty, investment restrictions, and lack of enforcement. IL7 Security has worked in both the rail industry and government for many years, offering expert advice on risk management and cyber defense. We have built up a risk assessment methodology that is acceptable to both DfT and NCSC. It is based on international standards and those developed in rail (Cyber Rail 2018), and it is applicable to both Operational Technology and IT systems. What's more, it addresses safety as a fundamental outcome of secure systems. In addition, IL7 appreciates that for TOCs to operate in this era of uncertainty they need secure finances and must not be threatened by malware or ransomware. IL7 Security is now a major sponsor of Transport Cyber.
The role of Transport Cyber is to bring cyber expertise to the transport industry. This is how Rail Operators can find optimal security solutions to their cyber defense requirements with a recognized Return on Investment. Transportcyber.com is not just a talking shop, though it will include a newsfeed and blogs and invite comments. Transport Cyber is a specially designed site that aims to deliver self-help, group participation consultancy services to the transport industry. The Rail Industry can avail itself of the best advice on cyber solutions based on risk management criteria; it can select the most applicable, affordable, and proportionate defenses. We invite expert cyber consultants, not just those with transport experience but also those from industry, finance, and government, to pitch in, to promote themselves, and to share their ideas, opinions and, hopefully, their solutions. We do not aim to be product-based; this is not LinkedIn or a market site, nor is it a gossip site or a political site. It will be moderated, but we do want contributors to share experiences, share solutions, ask questions, and sell their ideas.
Transport Cyber is a more balanced and effective site for the transport industry than any other, and it is free to register. Please register now and contribute; teach and learn.