Number 3 in a series of 20 daily posts on why Rail IT needs to adopt zero trust
Politically and commercially, the Rail Industry is in a particularly vulnerable position in the UK right now. The division of responsibility we have seen over the past forty years between the operators of essential services (the TOCs), the owners of the trains (the ROSCOs) and the provider of the infrastructure and signalling (Network Rail) has resulted in a divergent approach to cyber. The award of National Rail Contracts to TOCs, now commissioned to deliver services as a contractual obligation rather than a priced commodity, leaves the responsibility for cyber security investment somewhat shared. There is a need for a strategic approach to the issues before us. Zero Trust offers a way forward from the traditional hub-and-spoke architecture, which depends on server hardening, endpoint and boundary protection. Zero Trust relies on Identity and Policy enforcement much more than on fragmented, after-the-event response and recovery.