07.11.17
Cyber security vital after four attacks on Britain’s rail network last year
Digital technology must play a part in improving organisational resilience and reducing passenger safety risk, a leading rail industry figure has stated.
Speaking at Rail Network Resilience 2017 last week, Arup’s resilience, security and risk associate, Nadim Choudhary, said that cyber security is a very real threat to Britain’s railways.
The cyber security threat is so great that the government has added it to its tier 1 threats, alongside terrorism, war and global pandemic.
Every 4.7 seconds there is a new malware threat introduced to the internet.
In the past, security threats concerned physical systems with no online connectivity; however, in the last year alone there have been four major cyber-attacks on the railways.
Previously, the development of operational technology (OT) and that of information technology (IT) were treated as separate entities, but Choudhary said that this is changing.
The railways are joining the 21st century and the two systems are merging, which exposes the network to more cyber-attacks.
In response to this, safety is now becoming embedded in the IT systems of the railways, but this is not without its challenges.
However, this impacts on business continuity and, if it becomes a frequent event, it will undermine the public’s confidence in the network, as well as having a financial impact on companies due to imposed fines for failure to meet the agreed service.
Choudhary explained that natural events expose the industry to cyber threats: “If we have a natural hazard event, or we have a flooding event, or whatever event we have, cyber criminals are very resourceful - they know when systems are down and they will attack things when organisations are at their most vulnerable.”
The industry needs a joined-up approach to developing a coherent strategy for maintaining cyber security and identifying gaps for research, and standards and guidance need to be issued, he advised.
The supply chain also needs to be robust and resilient, and collaboration with peers is vital to establish what the cyber risks are.
“Cyber security should be considered a fundamental part of an organisation,” he continued. “It shouldn’t just be a bolt-on, added at the end, it should form part of the solution, it should be at the outset of the design when we are considering and designing our systems and components, and cyber security should be a part of that.”