Cyber Consultancy Services for Rail
IL7 Security has provided cyber consultancy to central government including Police Authorities, UK Defence (all sectors) and Rail over the last decade. We started out as a family-run show in IT Security and now hope to expand more into the transport industry, particularly into RAIL. We major in Risk Management and Cyber Solutions as well as International Standards like ISO 2701 and the Network & Information Systems Regulations. I am bringing more consultants and associates into the company to provide a breadth of consultancy and good advice to rail. This is why IL7 have sponsored a new web adventure called Transport Cyber.
In the TC community, particularly IL7 consultancy and its associates, we recognise that the UK railway network is one of the most advanced systems in the world. Rail is in a sort of limbo caused by the coronavirus, the impact of the financial woes the pandemic has caused, and the delays to the Williams Report regarding franchise. However, digital technology, including IoT, is widely invested in and utilised to support Rail as a critical national infrastructure. Indeed, digitalisation involves cutting-edge communications and IT, business and operational systems, vital to dependability, competence, capacity, and customer experience. Different high-profile projects, including Thameslink, HS1, HS2, Crossrail and others, depend on critical IT systems to achieve their goals. Correspondingly, major threats from international conspiracy, computer crime and even state-sponsored and ideologically-based terrorism need to be countered – the potential for a high-profile cyber-attack on rail is looming. Ransomware is a hot topic but not the only one to threaten operating business plans.
The threat of cyber-attack is rapidly growing across the globe and increasingly targeting industry and operational technology. Essentially, it is a threat to the security and safety of the Rail infrastructure and supporting ICT as well as vital rolling stock. In addition, a cyber-attack might jeopardise the operational and financial stability of those perilously balanced rail-operating franchises. And of course, cyber menaces the safety of those who use and operate the trains and stations. Insufficient digital protection against cyber-attack presents countless opportunities to the attacker and is a major concern to the authorities. While the UK government is committed to reducing the cyber-risk to Rail as Critical National Infrastructure, it must be seen to be working more in partnership with the industry while at the same time taking a firm stand against those that don’t shape up. IL7 seeks to use its government experience and its relationship with DfT and the NCSC to provide a cohesive dynamic to promote best practice and to recognise the Rail Industry’s drive in both Safety and Security.
Cyber-risks include the hazard to the safety of the workforce, passengers and the public. The government has a duty to its citizens not only to ensure the security and performance of critical services but also to protect their health and safety. The Train Operating Companies and their supply chain – including the major infrastructure supplier and manager, Network Rail – have an equal duty to invest in protection and combat the threats to safety as well as operational and financial integrity. The industry, as a whole, must develop the most secure signalling systems, procure the safest ICT and the best on-board ICT security. The Cyber relationship between operating companies, manufacturers, the supply-side, and Network Rail can be cemented through IL7 Security, our consultancy, and collaboration through the Transport Cyber portal. IL7 can lend its experience in government security tactics and international standards to promote the adoption of appropriate, proportionate cyber solutions.
The major role of the Network & Information Systems Regulations, law since May 2018, has been to set the standard and encourage the industry to work with the DfT on their cyber defence. Compliance is based on a Cyber Assurance Framework produced by NCSC. Unfortunately, many operators have not met the standard for all sorts of reasons: priorities, uncertainty, investment restrictions as well as lack of enforcement. IL7 Security has worked both in the rail industry and government for many years offering expert advice on risk management and cyber defence. We have built up a risk assessment methodology that is acceptable to both DfT and NCSC. It is based on international standards and those developed in rail (CyRail 2018). It is applicable to both Operational Technology and IT systems. What is more, it addresses safety as a fundamental outcome of secure systems. In addition, IL7 appreciates that for TOCs to operate in this era of uncertainty they need secure finances and must not be threatened by Malware or Ransomware. They need to be free of financial risks, compliance risks, reputational risk and operational risk, and to be able to afford Data Loss Prevention and comply with GDPR (DPA 2018). Advice on Transport Cyber should lead a way to freedom. IL7 Security is therefore now the major sponsor of Transport Cyber.
The role of Transport Cyber is to bring Cyber expertise to the Transport Industry. IL7 Security and its associates are well positioned to contribute best practice ideas and solutions on the TC website while we publish policy and standards advice (ISO 31000, ISO 30100, ISO 27001, ISO 27005, NIST, NIS etc.) on the www.il7security.com site. This is how Rail Operators can find optimal security solutions to their cyber defence requirements with a recognised Return on Investment. www.transportcyber.com is not just a talking shop, though it will include newsfeed and blogs and invite comment. Transport Cyber is a specially designed site that aims at delivering self-help, group participation consultancy services to the transport industry. The Rail Industry can avail itself of the best advice on cyber solutions based on risk management criteria; it can select the most applicable, affordable, and proportionate defences. We invite expert cyber consultants, not just those with transport experience, but those from industry, finance, and government, to pitch in, to promote themselves, and to share their ideas, opinions and, hopefully, their solutions. We do not aim to be product based; this is not LinkedIn or a market site, nor is it a gossip site or a political site. It will be moderated, but we do want contributors to share experiences, share solutions, ask questions and sell their ideas.
IL7 Security sponsor Transport Cyber as a more balanced and effective site for the transport industry than any other medium. It is free to Register.
Please register now and contribute; teach & learn.
IL7 Security / Joe Ferguson
IL7 provides Cyber consultancy services to MOD, HMG and Police Services as well as Rail. Joe Ferguson is an NCSC Certified Cyber Practitioner and a Senior Information Risk Analyst. He has produced risk assessments for the ITC on RAF Aircraft, RN submarines and ships as well as trains such as the Siemens C700 using ATO and ERTMS, as well as more traditional IT Systems. He has worked with NCSC, DfT, BTP and Network Rail to promote cyber solutions over the last three years.