05.06.15
Cyber security not just a problem for the IT department
If cyber security continues to be considered as a purely IT problem it could lead to critical infrastructure failing, according to Network Rail’s head of cyber security.
Peter Gibbons spoke during a panel session at Infosec where he made several interesting points. He believes that cyber security should be considered by all employees – not just IT specialists.
"I have an aspiration: to stop talking about cyber security and just talk about security," he said, as reported by V3.co.uk.
"We need to stop looking at cyber security workers as magical people and help the train drivers and oil workers to see an issue and respond to it, viewing security as a part of their job and calling in the expertise when they need it.
"We need to stop thinking about cyber security as a specialism. It's something everyone should know about and view as part of their job."
Gibbons is also concerned about the Internet of Things and the lack of security built into products.
"We see a future in the next five to 10 years when temperature monitors may be making decisions about train running and speeds. In the future we're also looking at things like getting the red signal sign on tracks and putting that information into the trains," he said.
"Traditionally we've bought products that aren't secure and bolted a load of things on top to try and make them secure. We need secure products."
He wants to see the industry come up with a common set of standards for security so that suppliers build security in as standard.
"We need secure standards on the provisioning of products for when we connect it all together. If we don't start with a secure product built on a common set of requirements we're in trouble."