With potentially devastating disruption seen across both public and private networks in May, Kevin Bell from Bond Dickinson examines some of the threats to transport systems.
Transport networks are embracing digitalisation. IT systems are interconnected and can now control infrastructure, vehicle movement and signalling, as well as providing integrated rolling stock management systems.
Passenger requirements are also changing, with increased demand for on-board Wi-Fi and real-time personalised journey status updates, thereby linking corporate infrastructure to consumer devices. Massive sums of passenger data are collected and processed, including data which is very attractive to cyber criminals such as personal information (name and home addresses) and bank and payment card details. If these systems and the data residing on it are not adequately protected,they will be vulnerable and open to attack.
Research suggests that IT systems are likely to contain vulnerabilities due to a number of factors. This could be through insufficiencies in the design and development of a system, how it is configured, maintained and protected from intrusion. The increase in the number and type of vulnerabilities is inevitable as systems move away from bespoke standalone arrangements to open-platforms developed using off-the-shelf components. The connectivity of systems and devices to public and private networks leaves them exposed to the threat of cyberattack.
As digitalisation brings real benefits for both operators and passengers this inevitably opens up greater risks of cyberattack (as seen around the world in May). Threats can come from a number of sources, including direct contact with system infrastructure via a USB port, to unauthorised access to physical locations or a threat from within the organisation itself. Whilst many attacks are deliberate, non-deliberate security breaches caused by negligence or lack of knowledge should be included in cyber security measures and procedures.
Rolling stock and infrastructure owners, operators and manufacturers are required to protect the safety of their operations. Whilst the majority of cyber-crime may be to cause economic or financial damage, motives can vary from causing mild disruption, stealing data, causing reputational damage or, at its worst, causing death or injury.
Good cyber security within an organisation involves all levels of personnel within that organisation. Their full engagement is key to raising awareness of cyber risk and managing that risk by developing and supporting effective cyber security policies and procedures.
Our session at the UK Light Rail Conference in July aims to provide an overview of:
- The real-world cyber threats faced by light rail operators. This will include examining the type of attacks (both deliberate and non-deliberate). We will also review the types of reported data security breaches and how other sectors are being impacted by cyberattack
- The risks associated with a cyberattack, not only from a legal perspective but the financial and reputational impact an attack might have
- The new legal regulations on operators to keep their digital networks secure (including the new Network and Information Systems Directive and the new General Data Protection Regulation, both of which come into force in early 2018). We will briefly examine what the new compliance landscape will look like, as well as the consequences of non-compliance
- How to prepare for and respond to a cyber security incident.This will involve examining preventative measures, issues to consider when reporting a data security breach and some case studies to highlight the importance of risk assessment, management and governance.
Kevin Bell
Kevin is a Partner at law firm Bond Dickinson, with experience in advising on heavy and light rail franchise and concessions bids, franchise mobilisations and related statutory transfer schemes, rolling stock leasing and a variety of commercial and regulatory matters.
He acts for a number of passenger rail operators and has also worked with for concession letting authorities and rolling stock manufacturers.
Kevin is a member of the Steering Group of the Transport Forum of the West & North Yorkshire Chamber of Commerce.
www.bonddickinson.com
Photo by Blue Coat Photos / CC BY-SA 2.0
Leave a message:
Menu
22 Dec
