The Rail Cybersecurity Summit features the best global Technology and Information Security experts across the Rail supply chain.
Mattias Vanhoutte, R&D Engineer at Televic, was there and shares the most important highlights
Prevention, monitoring, detection and response
Factor security into the solution at the start of the design process to make it less vulnerable. Assume that the system can and will be breached rather than believe that the system is impenetrable. This approach includes prevention, monitoring, detection and response, putting in place the measures to recover to normal operations as quickly as possible.
Managing supply chain risk
Take some time to understand where the supply chain starts and finishes and what comprises your supply chain. It is also important to understand what data your organisation is sharing, the value of that data and whether you have the right controls to ensure information is shared with the appropriate supplier. The biggest challenge is to strike the balance between the protection and controls and the requirement for people to carry out their respective role without overly onerous restrictions.
Information Sharing and Analysis Centres
The rail industry has its own industry specific Information Sharing and Analysis Centres (ISACs) to encourage information sharing and gain the full value of the shared threat intelligence. The Rail ISAC in Europe now comprises over 50 organisations from 10 countries since the initial launch on June 4th, 2019.
Identifying all digital assets
Understanding what assets are owned by the enterprise and connected to the network is essential for organisations to understand the risk and prepare accordingly. An accurate operational picture will improve efficiency, make the creation of digital manuals easier and give you the opportunity to start using augmented reality for asset management. However, identifying all the digital assets is not straightforward due to the growing number of devices, suppliers and the frequency of replacement. Moreover, it's important to protect the inventory as it provides a potential blueprint for hackers to attack the network.
The weakest link is the attacker's entry point.
Yes, keep me informed
I want to register for the bi-monthly newsletter with articles about trends, case studies and new features.