Digital Transit Limited and Critical Software have joined forces to offer expert advice and assessment services to rail businesses and manufacturers grappling with NIS regulations and Cyber Security threats.
The railway sector is facing a new challenge: the Network Information Security (NIS) regulations.
According to a 2020 survey by the European Union Agency for Cybersecurity (ENISA), only 33% of rail operators of essential services (OES) have fully implemented defensive measures against cyber-attacks as recommended by NIS. This places their software under serious threat – not to mention their compliance with regulations.
Dr Howard Parkinson, Director of Digital Transit, commented: “We’re pleased to be working with Critical Software to ensure the new cyber security standards are applied optimally to keep railway software secure and safe. While existing standards like ISO 27001 and IEC 62443 go so far, new standards like CENELEC TS50701 and NIS are very helpful but may prove difficult to follow for many companies in the sector.”
Digital Transit will ensure developers are compliant with the new regulations by aligning their work with CENELEC TS50701, consolidating existing requirements regarding the cyber security of rail-based software. We will provide an independent security assessment of railway businesses for both Operational Technology (against TS50701 et al) and Information Technology (against ISO 27001). Once we have finalized our assessment using audits and gap analysis, the rail business will be able to decide how best to deal with the growing threats arising from the expanding threat surface created by ever-increasing digitalization. Businesses will be able to prove to regulators, and other stakeholders, that there is solid commitment to the safety and security of the entire business and its safety-related assets.
We also provide training in Cyber Security in Rail against CENELEC TS50701.