Transforming for tomorrow
Digital at the core
Securing Britain’s rail network against cyber-attack with a robust strategy
As Britain’s rail network expands and becomes even more connected, it’s important organisations are able to exchange data to ensure services run efficiently and safely. We helped the Rail safety and Standards Board (RSSB) develop an innovative strategy to ensure it was prepared for attack scenarios and cyber risks.
developed an innovative strategy for handling attack scenarios and cyber risks
provided staff with guidance on successful security measures
helped ensure compliance with the EU National Information Systems (NIS) Directive
Britain’s rail network is becoming increasingly connected, with more and more data flowing between different companies and organisations. That includes everything from signalling alerts for train drivers and timetable information for passengers, to data from sensors on trains telling their owners when maintenance is due.
If the systems that carry this data ever suffered a cyber-attack, it could bring the rail network to a halt. We developed a strategy for the RSSB to help them make sure things wouldn’t come to a standstill.
The network is complex. It’s a patchwork of 27 passenger franchise operators and seven freight operators, plus Network Rail, which owns the infrastructure. It also includes other companies responsible for looking after rolling stock, stations and more. A communications system with so many parts is vulnerable to cyber-attack.
Our experts in cyber security developed an innovative strategy which covers areas including attack scenarios, cyber risks for every part of the network and how to respond to incidents. A key aim is to help establish a security culture in each organisation so they treat cyber-attack as a business risk like any other. This will make people at every level vigilant, from staff thinking twice before opening phishing emails to senior executives paying close attention to how successful their security measures are.
And, among other things, the strategy will help the network comply with the new EU National Information Systems (NIS) Directive. It says operators of essential services have to report ‘significant events’ within 72 hours or risk a £17 million fine.
RSSB: Securing Britain’s rail network against cyber-attack with a robust strategy