Rail Industry Focus


Get ready for cyber safety

Source: RTM Apr/May 17

It’s time the rail industry turns its attention to the importance of cyber security as we move towards increasingly digital systems, Johnny Schute, deputy chief inspector of railways and deputy director of policy, strategy and planning in the Rail Safety Division of the ORR, tells RTM’s Luana Salles.

The rail industry’s most infamous curse – its largely analogue systems which can often inhibit widespread innovation – may also be its biggest blessing in disguise, at least when it comes to cyber security. 

Globally, cybercrime has been touted as one of the biggest threats to any nation given the fast-moving digital world we live in. This is clearly highlighted in the government’s recently-published cyber security strategy, which calls for a comprehensive response to this growing problem, “from the most basic cyber hygiene to the most sophisticated deterrence”. 

But here’s the catch: because, as is widely reported, the rail sector has lagged behind many other industries when it comes to digitisation, a lot of the areas where there might be cyber vulnerabilities in more complex and sophisticated systems don’t actually pertain to rail just yet – granting it a head start when it comes to preventative planning. 

Of course, these vulnerabilities are coming, and they’re coming with Digital Railway and increasingly more complex digital information systems, as Johnny Schute, deputy chief inspector of railways, was keen to emphasise. 

Asked if the industry’s slower digital adoption provides a unique opportunity to ensure it is at the forefront of the fight against cyber-attacks, he said: “I think that’s an important point. We need to get the conversation – the communication, the collaboration, the collegiate approach – going now, because of course, by getting these in place now, it means we’ll be much better configured in industry as a whole to deal with it as Digital Railway gathers pace.” 

My original interview with Schute was meant to discuss digital railway and rail operating centres, but he asked if we could talk about cyber security instead, because it’s “quite a new area of the rail world” – and one which the regulator intends to both promote and keep a close eye on. 

“This is a live topic that is being debated, albeit at the early stages. The ORR has a keen interest in it. It’s very much about the rail industry dealing with it themselves but, as the regulator, we keep a close eye on it,” he explained.

“One of the areas that we are nudging and encouraging people towards is safety by design. Making sure that safety measures and security measures are put in place at the design stage will mean there isn’t a requirement for expensive retro-engineering to deal with the vulnerabilities that otherwise might emerge. 

“We’re very enthusiastic about making sure people design in the relevant features rather than having to deal with them once the items have been manufactured.” 

The regulator’s role 

The ORR’s role is expected to adapt as cybercrime becomes a more prevalent issue for the industry. The first order of business will be ensuring all organisations are clear about who is responsible for what piece of legislation, which is being worked out alongside the DfT. 

Apart from that, Schute said the regulator is breaking down the wider picture into four areas: understanding the nature of the problem and how an organisation’s culture might help mitigate it; managing the issue and ensuring people have suitable governance structures, policies and procedures in place, including a whole-life approach to systems security; focusing on networking internally and with other regulators; and investigating shortcomings. 

“But all is still to be determined – we’re actually de-conflicting and seeing who’s the most appropriate body to intervene in these areas,” he emphasised. 

Identifying risk 

Just like the ORR’s role in this is still emerging, so is the problem as a whole, including the risks it may pose to the sector. 

“We’re still at an early stage,” argued Schute. “But where vulnerability exists is that instead of having the rather analogue systems we have at the moment, you’d obviously have a situation whereby a train is talking to trackside material or transponders and that could be intercepted – it’s not a certainty by any stretch of the imagination, but you could interfere with those areas. 

“That’s where one of the vulnerabilities lies. But of course, vulnerabilities go wider – everything from the information systems that exist within stations and actually, just the information management systems that every large organisation has, are vulnerable to cyber-attack. 

“Cyber security is not only a big national issue – as you’ll have seen, the National Cyber Security Centre was opened by the Queen recently – but also a very, very hot topic. Therefore, we are going to be talking about it, and we’re going to be talking about it as it affects the rail industry for the next several years.” 


Nigel   15/05/2017 at 11:05

Remember that security must be designed into a system from the start, not bolted on as an after thought.

Add your comment


rail technology magazine tv

more videos >

latest rail news

View all News

rail industry focus

View all News

last word

Encouraging youngsters to be safe on the railway

Encouraging youngsters to be safe on the railway

This summer, Arriva Group's CrossCountry and the Scout Association joined to launch a new partnership to promote rail safety among young people. Chris Leech MBE, business community manager at the TOC, gives RTM an update on the innovative scheme. Recognising that young people are more likely to take a risk trespassing on railway tracks, C... more > more last word articles >


Andrew Haines, CE of Network Rail, tells BBC News his organisation could issue future rail franchises

24/06/2019Andrew Haines, CE of Network Rail, tells BBC News his organisation could issue future rail franchises

Andrew Haines, the Chief Executive of Network Rail, has told the Today programme on Radio ... more >

'the sleepers' daily blog

On the right track, Sulzer is awarded RISAS accreditation for Nottingham Service Centre

29/06/2020On the right track, Sulzer is awarded RISAS accreditation for Nottingham Service Centre

Following an independent audit, Sulzer’s Nottingham Service Centre has been accepted as part of the rail industry supplier approval scheme (RISAS). The accreditation reinforces the high-quality standards that are maintained by Sulzer’s network of independent repair facilities across the UK and further afield in its global network. ... more >
read more blog posts from 'the sleeper' >


The challenge of completing Crossrail

05/07/2019The challenge of completing Crossrail

With a new plan now in place to deliver Crossrail, Hedley Ayres, National Audit Office manager, major projects and programmes, takes a look at ho... more >
Preparing the industry to deliver trains for the future

04/07/2019Preparing the industry to deliver trains for the future

The move to decarbonise the rail network involves shifting to cleaner modes of traction by 2050. David Clarke, technical director at the Railway ... more >
Sunshine future beckons for South Wales Railways, says 10:10 Climate Action’s Leo Murray

02/07/2019Sunshine future beckons for South Wales Railways, says 10:10 Climate Action’s Leo Murray

Smart electrification is the way to boost clean energy resources, argues Leo Murray, director at 10:10 Climate Action. Contractors are clear... more >
Ambition doesn’t have to be expensive, says Midland Connect's Maria Machancoses

02/07/2019Ambition doesn’t have to be expensive, says Midland Connect's Maria Machancoses

The TCR Midlands conference is only days away and tickets are going fast for the sector event of the year at the Vox Conference Centre in Birming... more >