Cybersecurity support to Network Rail

Assess the maturity of security approaches across Network Rail’s signalling infrastructure.

Under contract to Network Rail (NR) via Aecom and Egis Rail, we were asked to review and update a set of CAF (Cyber Assessment Framework) assessments and recommend practical remediations where necessary to the Signalling and E&P (Electrification and Plant) Systems.

How can modern security be applied to existing operational systems?

Each of the identified critical systems within the Signalling and E&P (Electrification and Plant) groups was assessed for CAF (Cyber Assessment Framework) objectives, using the following sources of information:

Published documentation provided by Network Rail and suppliers
Interviews with internal Network Rail System owners and experts
Interviews/questionnaires with system suppliers

The approach to the CAF assessments was to provide a technical document-based review of each system, based on available documentation, policies and procedures, which was then supplemented by input from operational staff who have working knowledge of the system ‘as operated’. This provides valuable insight into the system and a more realistic view of the system’s vulnerability to cyber threats. It also provides valuable insight into organisational and cultural factors that can be critical factors in the effectiveness of human defences against cyber threats.

A system-wide understanding of security maturity and required evolution.

We produced a detailed report covering our assessment of critical E&P (Electrification and Plant) and Signalling systems against the Department for Transport CAF (Cyber Assessment framework). The report also included remediation recommendations resulting from the assessment.

Alongside detailed system-specific remediation recommendations, the final report identified a number of general themes which provided insights into suitable approaches and activities which could further increase the effectiveness of Network Rail’s defences against cyber-attack and ransomware. These common themes provided an opportunity to implement a more central solution to provide compliance benefits across multiple systems.

Steps to build on existing good practices.

We provided both general remediations and system-specific remediations in the final report. The remediation plans focus on the following aspects:

Opportunities to further enhance physical and access security arrangements to defend against unauthorised and inadvertent changes to systems
Identification of system segmentation opportunities to limit the spread of viruses or ransomware
Development of metrics to effectively evaluate and monitor identified cyber-risks
Steps to control portable and removable devices in the context of operational systems
Establishing frameworks and processes which collect evidence needed for future assessments and to demonstrate continued compliance to regulation
To make future CAF assessments more straightforward, Egis also offered additional recommendations to improve the security management processes, based on the lessons learned in this work.

Cybersecurity support to Network Rail.

Client

Timeline

Cyber impacts on critical infrastructure.

The challenge.

Assess the maturity of security approaches across Network Rail’s signalling infrastructure.

Imagine.

How can modern security be applied to existing operational systems?

Create.

A system-wide understanding of security maturity and required evolution.

Achieve.

Steps to build on existing good practices.

Related projects.