
Railway cyber risk management: Awareness of relevant threats

By Rogers Jennifer
December 2, 2021


ENISA has announced the publication of its report, Railway Cybersecurity – Good Practices in Cyber Risk Management for Railway Organizations.

European Railway Undertakings (RUs) and Infrastructure Managers (IMs) need to address cyber risks systematically as part of their risk management processes. This need has become even more urgent since the entry into force of the Network and Information Security (NIS) Directive in 2016.

Objectives of the report

The aim of the report is to provide European RUs and IMs with applicable methods and practical examples on how to assess and mitigate cyber risks.

The good practices presented are based on feedback from rail operators. They include tools, such as the list of assets and services, cyberthreat scenarios and applicable cybersecurity measures, based on industry standards and best practices. These resources can serve as the basis for managing cyber risks for railway undertakings. They are therefore intended to be a point of reference and promote collaboration between railway actors across the EU while raising awareness of relevant threats.

Existing cyber risk management approaches vary for railway IT and OT systems

For the risk management of railway IT systems, the most cited approaches were the requirements of the NIS directive at the national level, the ISO 2700x family of standards and the NIST cybersecurity framework.

For Operational Technology (OT) systems, the frameworks cited were ISA/IEC 62443, CLC/TS 50701, and the recommendations of the Shift2Rail X2Rail-3 project, or those of the CYRail project.

These standards or approaches are often used in complementary ways to adequately address IT and OT systems. While IT systems are normally assessed with broader and more generic methods (such as ISO 2700x or NIS), OT systems need specific methods and frameworks that have been designed for industrial train systems.

There is not yet a unified approach to managing railway cyber risks. Stakeholders who participated in this study indicated that they use a combination of the aforementioned international and European approaches to address risk management, which they then complement with national frameworks and methodologies.

Asset taxonomies

For RUs and IMs to manage cyber risk, it is essential to identify what needs to be protected. In this report, a complete list is divided into 5 areas: the services provided by stakeholders, the devices (technological systems) that support those services, the physical equipment used to provide these services, the people who maintain or use them, and the data used.

Threat taxonomies and risk scenarios

RUs and IMs need to identify cyberthreats applicable to their assets and services. The report reviews the available threat taxonomies and provides a list of threats that can be used as a basis.

Examples of cyber risk scenarios are also analyzed, which can help railway stakeholders when carrying out a risk analysis. They show how asset and threat taxonomies can be used together and are based on known industry incidents and feedback received during workshops.

Apply cybersecurity measures

Each scenario is associated with a list of relevant security measures. The report includes cybersecurity measures derived from the NIS Directive, current standards (ISO/IEC 27002, IEC 62443) and best practices (NIST cybersecurity framework).

