Cyber Security Is a Minimum, Not a Plus

Cyber Security Is a Minimum, Not a Plus
Address: VIAVI - Building E
15 Bd Marcel Paul
Saint-Herblain
Nantes
44800
France
Phone: +33 2 28 01 95 50 Website: View website Contact: Contact supplier View: View supplier Download: Download

VIAVI Solutions

Cyber Security Is a Minimum, Not a Plus

This article first appeared in the Railway-News magazine, Issue 2 2023.

In this article, Eric-Vittorio Li Destri, the Railway & MCx Cyber Security Product Line Manager at VIAVI Solutions, explains the new EU NIS2 and Cyber Resilience Act regulations and why railway operational technology is so vulnerable to attack.

EU cyber security regulation, as everywhere in the world, is currently evolving.

A big bang event, larger than GDPR, will take place in the next 18 months across Europe. Member States will need to integrate the EU (Network and Information Systems) NIS2 Directive and also comply with the new Cyber Resilience Act (CRA).

These new cyber security regulations cover a wide range of industries and sectors, including railway, both from an IT and an OT (operational technology) perspective.

EU NIS2 Regulation

Before we examine railway OT and its potential cybervulnerabilities, let’s first clarify the new regulations and what they mean for the railway industry, especially regarding telecoms and signalling systems.

NIS2 was published on 28 November 2022, giving EU Member States 21 months to incorporate it into their respective national cyber security laws (i.e. by August 2024). Outside the EU, other countries such as the UK and USA are generally expected to follow this approach.

Centred on three pillars – capabilities, risk management and reporting, and co-operation and information exchange – the NIS2 Directive seeks to enhance cyber security by:

  • Defining a minimum set of measures
  • Ensuring there is a risk-based approach to managing cyber security
  • Enforcing management accountability
  • Reporting and sharing information on significant incidents

The penalty for failure to comply is significant – from EUR 10m for small companies, to up to 1.4% (and even 2%) of annual group turnover worldwide, if the requirements are not fulfilled. And it’s not just the company which can be fined, so can its board!

Download the full PDF here.

viavisolutions.com

Other VIAVI Solutions Documents

Latest VIAVI Solutions News

VIAVI’s New Solution for Resilient Positioning, Navigation and More

VIAVI’s New Solution for Resilient Positioning, Navigation and Mo...

VIAVI introduces the industry’s most comprehensive solution for resilient positioning, navigation and timing for critical infrastructure.

Railway Signalling Webinar

Railway Signalling Webinar

VIAVI Solutions offers a practical guide to meeting the new ETCS Subset-093 v4.0.0 rules in its new webinar.

Threat Intelligence & NIS2 Updates on Cybersecurity

Threat Intelligence & NIS2 Updates on Cybersecurity

VIAVI cybersecurity expert, Eric Li Destri, will be hosting a webinar on 15 February covering the topics of GSM-R, ETCS and interlocking.

Rail Telecoms are the Vital Backbone for Modern Rail Operations

Rail Telecoms are the Vital Backbone for Modern Rail Operations

Viavi's upcoming webinar aims to provide an overview of what an engineer needs to know about using Drive Tests in the rail environment.

The VIAVI Railway User Group 2023

The VIAVI Railway User Group 2023

At VIAVI Railway User Group 2023, 100+ participants gathered from across the globe to discuss developments in railway telecommunication.

VIAVI Solutions Enhances Portfolio

VIAVI Solutions Enhances Portfolio

VIAVI Solutions has launched a new portfolio specifically designed for mission-critical and private network operators.

VIAVI Unveils the Rugged, Handheld CX100 ComXpert

VIAVI Unveils the Rugged, Handheld CX100 ComXpert

VIAVI Solutions' CX100 ComXpert is an easy-to-use, rugged communications test solution in a portable package.

A Practical Guide to Meeting the New Subset-093 V4.0.0 Rules

A Practical Guide to Meeting the New Subset-093 V4.0.0 Rules

VIAVI Solutions will be hosting a webinar titled 'ETCS: A Practical Guide to Meeting the New Subset-093 V4.0.0 Rules' on 23 February 2023.

Cybersecurity for Railway Is a Minimum, Not a Plus

Cybersecurity for Railway Is a Minimum, Not a Plus

Eric-Vittorio Li Destri, Cybersecurity Expert, highlights the challenges when it comes to detecting and managing cybersecurity for railway.

Comtest Wireless Gains ISO 27001 Certification

Comtest Wireless Gains ISO 27001 Certification

Comtest Wireless invests in their technology to protect the data they hold. As a result, they have now gained certification for ISO 27001.

Contact VIAVI Solutions

Use the form opposite to get in touch with VIAVI Solutions directly to discuss any requirements you might have.








    We'd love to send you the latest news and information from the world of Railway-News. Please tick the box if you agree to receive them.

    For your peace of mind here is a link to our Privacy Policy.

    By submitting this form, you consent to allow Railway-News to store and process this information.

    Subscribe
    Follow Railway-News on LinkedIn
    Follow Railway-News on Twitter