Our CEO Alex Cowan was delighted to have been invited to the Secure Rail conference organised by Progressive Railroading Magazine. A fantastic event - the 4th annual Secure Rail Conference brings together the stakeholders in surface transportation security with a mixture of physical security and cyber security, highlighting some of the unique challenges in the US railroad industry. Alex said:
"I was stunned to hear about the focus on GDPR in the US, obviously in Europe it is massive news right now but this has also spilled over across the pond because of some of the extra-territorial requirements.
I presented the Arriva case study to a US audience, the standards being targeted by the US rail suppliers and operators has very similar goals to the new NIS directive. Their framework (NIST framework for improving critical infrastructure cybersecurity) breaks down into key functions of Identify, Protect, Detect, Respond and Recover.
Generally, we have seen that operators, suppliers and builders are good when it comes to identification of risks and relatively good with protection of assets in terms of encryption, limited network segregation and firewalls. However, they generally fall down when it comes to detection, particularly for rolling stock and mobile assets.
A good cyber security strategy requires all of these key elements, and a layered approach based around good identification of risks, appropriate protection controls and detection when those protections fail, as well as regularly tested response and recovery plans."
RazorSecure works with transport operators and key system suppliers to improve their detection capabilities for assets that may not otherwise be monitored. Our software can be deployed in areas of key risk where networks converge such as communication gateways.