This article first appeared in the Railway-News magazine, Issue 2 2023.
In this article, Eric-Vittorio Li Destri, the Railway & MCx Cyber Security Product Line Manager at VIAVI Solutions, explains the new EU NIS2 and Cyber Resilience Act regulations and why railway operational technology is so vulnerable to attack.
Cyber security regulation in the EU, as everywhere in the world, is currently evolving.
A big bang event, larger than GDPR, will take place in the next 18 months across Europe. Member States will need to integrate the EU NIS2 (Network and Information Systems) Directive and also comply with the new Cyber Resilience Act (CRA).
These new cyber security regulations cover a wide range of industries and sectors, including railway, both from an IT and an OT (operational technology) perspective.
Before we examine railway OT and its potential cyber vulnerabilities, let’s first clarify the new regulations and what they mean for the railway industry, especially regarding telecoms and signalling systems.
NIS2 was published on 28 November 2022, giving EU Member States 21 months to incorporate it into their respective national cyber security laws (i.e. by August 2024). Outside the EU, other countries such as the UK and USA are generally expected to follow this approach.
Centred on three pillars – capabilities, risk management and reporting, and co-operation and information exchange – the NIS2 Directive seeks to enhance cyber security by:
The penalty for failure to comply is significant: from EUR 10m for small companies up to 1.4% (and even 2%) of annual group turnover worldwide. And it’s not just the company which can be fined, so can its board!