Head of Tramway Systems & Telecoms Department
Railway Systems – How to deal with cyber threats
Like many industries railways are increasingly reliant on information systems for their day-to-day operation. Whilst the consequences of a failure of a single component can easily be minimised through good system design, the impact of someone taking control of an operational system for malicious intent could be catastrophic.
In this paper we will first look at why cyber-security is an important issue identifying the principal risks and threats to various railway systems. Based on lessons learnt, specific recommendations will be proposed in a number of areas. These include: the definition of an overall security policy for an organisation, the role of risk assessment based on international standards, how technical design can take into account cyber threats, the definition and implementation of robust processes, the role of audits and penetration tests and finally the importance of continuous assessment and measurement.
The paper will also address organisational and contractual issues such as: ensuring all stakeholders incorporate the security policy into their relevant processes and ensuring security requirements are cascaded down into all contracts not just for technical design of equipment and systems but also for test and commissioning.
In the final section of this paper we will look at how to put together an overall Security Case including the various components and the processes that need to be followed to ensure that cyber security is taken as seriously as railway safety.
Since joining British Rail in 1994, Lovan has spent his career in transport systems engineering, specialising in radio systems. Working for SYSTRA in France since 2006, he is currently Director of the Tramway Systems and Telecoms Department, which covers two principal activities: (i) systems engineering and integration for tramway/light rail and bus rapid transit projects around the world, (ii) telecommunications, fare collection and supervisory systems expertise for mainline rail, metro, tramway/light rail and bus rapid transit projects around the world.
He is a Chartered Engineer and an Honorary Senior Research Fellow at the University of Birmingham (UK). In 2017 he was elected to the board of the French intelligent transport systems association (ATEC-ITS). Bringing together various stakeholders including transport authorities, road and public transport operators, car manufacturers and consultancies, ATEC-ITS aims to inform debate and help formulate policy in intelligent mobility.