Lead Engineer Cyber Security at the ERTMS User Group
Security Governance in Railways: Bridging the worlds of CCS, Operations and Corporate
Traditionally railway businesses have been systematically operating in silos. Though closely interdependent, the 3 aspects of a typical railway business : Corporate, Operations and CCS, tend to operate in their own world. The Corporate has a much higher level of maturity in cyber security (or information security) which is mainly driven by IT and data centric business processes. However, Operations and CCS has had little need to look into cyber security being highly engineering fields and having low dependency on modern technologies. However things are changing very rapidly and there is increasing interest in cyber security activities but the 3 worlds tend to tackle cybersecurity individually and in silos. The objective of this presentation is to illustrate the importance to have coordinated activities in cyber security with a railway business and avoid duplication and segmented management of cybersecurity activities in CCS, Operations and Corporate. The Dos and Don’ts for having a comprehensive cybersecurity governance and management programme in a railway organisation.
Sharvind Appiah is an entrepreneurial and self-motivating information security management practitioner with some 15 years’ experience in the field in governance, risk and compliance working for multinationals, government and international organisations. Sharvind is a Managing Partner at Shawne Applebee Int. and is also currently the cybersecurity lead engineer at the ERTMS Users Group currently assisting EU railways to adopt a culture of cyber security in their operations and ERTMS deployment programs. Moreover, Sharvind has participated in national and regional CERT initiatives in the African region. He has also been heavily involved in the SOC projects for Engie (ex GDF Suez), GEODIS and SNCF amongst a few.