This article first appeared in the Railway-News magazine, Issue 4 2022 Data & Monitoring edition.
For large/complex transportation networks, starting on your cyber security journey can feel overwhelming, but there are simple steps organisations can take to develop a robust strategy and roadmap, writes George Ifebuzo, Sales Director at FoxGuard Solutions, a wholly owned subsidiary of Framatome.
Maintaining widespread security over vast geographical regions is no easy task for rail networks. However, it is far from impossible.
First, creating a secure digital environment can be broken down into steps, starting with determining what assets are essential to an organisation’s daily operations.
Running through each business process, from how a customer buys a ticket, to how a train gets safely from point A to point B will likely highlight that your business relies on more assets and applications than initially thought and will help you redefine what’s critical to daily operations.
In our experience, companies tend to focus resources on their most critical assets, which makes sense, but oftentimes don’t realise the effect a peripheral system can have on operations if it becomes unavailable. We’ve seen attackers focus on these less protected secondary systems and still impact critical operations, so it’s key to scrutinise every aspect of your operations.
Determining what’s important to daily operations goes hand-in-hand with undertaking a cyber security vulnerability assessment (CVA), which many of the latest security regulations require. It’s a perfect place to start because this exercise walks you through examining what you have in place while opening your eyes to what’s at risk.
When we perform CVAs on behalf of clients we typically start with a policy and procedure review to get a good perspective between the organisation’s policy expectations and how it actually operates. This gives you a well-rounded view of your current cyber-security stance and using this information, you can establish a baseline of operations, which shows exactly how your business is currently run. This will include an inventory of assets, their configurations and the controls in place.
Use the form opposite to get in touch with FoxGuard Solutions directly to discuss any requirements you might have.