Skip to content



Securing Britain’s rail network against cyber-attack with a robust strategy

As Britain’s rail network expands and becomes even more connected, it’s important organisations are able to exchange data to ensure services run efficiently and safely. We helped the Rail safety and Standards Board (RSSB) develop an innovative strategy to ensure it was prepared for attack scenarios and cyber risks.


Key successes

  • lightbulb

    developed an innovative strategy for handling attack scenarios and cyber risks

  • people

    provided staff with guidance on successful security measures

  • target

    helped ensure compliance with the EU National Information Systems (NIS) Directive

Unlocking opportunity in a complex rail network

Britain’s rail network is becoming increasingly connected, with more and more data flowing between different companies and organisations. That includes everything from signalling alerts for train drivers and timetable information for passengers, to data from sensors on trains telling their owners when maintenance is due.

If the systems that carry this data ever suffered a cyber-attack, it could bring the rail network to a halt. We developed a strategy for the RSSB to help them make sure things wouldn’t come to a standstill.

The network is complex. It’s a patchwork of 27 passenger franchise operators and seven freight operators, plus Network Rail, which owns the infrastructure. It also includes other companies responsible for looking after rolling stock, stations and more. A communications system with so many parts is vulnerable to cyber-attack.

Focusing on security across the organisation

Our experts in cyber security developed an innovative strategy which covers areas including attack scenarios, cyber risks for every part of the network and how to respond to incidents. A key aim is to help establish a security culture in each organisation so they treat cyber-attack as a business risk like any other. This will make people at every level vigilant, from staff thinking twice before opening phishing emails to senior executives paying close attention to how successful their security measures are.

And, among other things, the strategy will help the network comply with the new EU National Information Systems (NIS) Directive. It says operators of essential services have to report ‘significant events’ within 72 hours or risk a £17 million fine.

Enjoyed? Share this story

RSSB: Securing Britain’s rail network against cyber-attack with a robust strategy

Contact us

Get in touch with the business intelligence team

Justin Lowe

PA digital trust and cyber security expert