42
| THE DIGITAL RAILWAY
Cyber vulnerabilities and safety risks across the digital railway Dr Emma Taylor CEng FIMechE FSaRS, Head of Digital Safety at RazorSecure explains how the implementation of cybersecurity in the railway has evolved considerably over the past ten years
I
nitially, cybersecurity focused around developing and implementing technical products and solutions, often as a quick fix in response to an identified vulnerability. More recently, cybersecurity certifications and standards have been introduced to encourage further cyber resilience. And now, we have begun to see how building the culture as the next step on cybersecurity’s evolution recognises that people make an organisation secure, not just technology. Although a cybersecurity culture started with basic awareness training, the sector is adapting as organisations understand that people can be both the best response to cyber-attacks, and the weakest link. A cybersecurity culture begins by creating a cybersecurity mind-set in all staff, including senior management, that the risk is real and their daily actions and decisions can impact that risk. Just as safety is now seen as something where everyone must play their part, so it must be with cybersecurity. When people think of a cybersecurity ‘insider threat’ they usually picture a malicious employee seeking to cause disruption. In reality, an insider threat is more than likely to be from ‘accidental security incidents’. These are incidents that can be caused by several different factors, such as poorly designed security processes, genuine mistakes, or staff unaware of the behaviours they need to follow in line with a security protocol. To get security culture right, it’s critical to foster an environment where everyone is security conscious. The modern rail network has rapidly evolved, which has led to large-scale increases in the quantity of systems on-board a modern digital train. When considering cybersecurity risk, it is important to consider the motivations of
Rail Professional
