{"id":30874,"date":"2024-03-22T20:29:15","date_gmt":"2024-03-22T10:29:15","guid":{"rendered":"http:\/\/www.vibewire.com.au\/?guid=1efd4f47f55da05b75574d39b79e9821"},"modified":"2024-03-22T20:29:15","modified_gmt":"2024-03-22T10:29:15","slug":"working-with-the-rail-industry-to-respond-to-cyber-security-threats","status":"publish","type":"post","link":"https:\/\/www.vibewire.com.au\/?p=30874","title":{"rendered":"Working with the rail industry to respond to cyber security threats"},"content":{"rendered":"<p><span class=\"field field--name-title field--type-string field--label-hidden\">Working with the rail industry to respond to cyber security threats<\/span><br \/>\n<span class=\"field field--name-created field--type-created field--label-hidden\"><time datetime=\"2024-03-22T10:29:15+00:00\" title=\"Friday, 22 March, 2024 - 10:29\" class=\"datetime\">Fri, 22\/03\/2024 &#8211; 10:29<\/time><br \/>\n<\/span><br \/>\n<span class=\"orr-published-date\">22 March 2024<\/span><\/p>\n<div class=\"field field--name-field-standfirst field--type-string-long field--label-hidden field__item\">Cyber security risks are a real and present risk for the rail industry, with potential safety implications clear. That\u2019s why the Office of Rail and Road (ORR) continues to work with industry to ensure it is properly equipped to assess, prevent and respond to cyber security threats and incidents.<\/div>\n<div class=\"orr-share-links\">\n<div><a href=\"https:\/\/twitter.com\/intent\/tweet?text=Working%20with%20the%20rail%20industry%20to%20respond%20to%20cyber%20security%20threats&amp;url=http%3A\/\/www.orr.gov.uk\/search-news\/working-rail-industry-respond-cyber-security-threats\"  class=\"orr-share-twitter\" title=\"Share to Twitter\">Twitter<\/a><a href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite?url=http%3A\/\/www.orr.gov.uk\/search-news\/working-rail-industry-respond-cyber-security-threats\"  class=\"orr-share-linkedin\" title=\"Share to Linkedin\">Linkedin<\/a><a href=\"mailto:?subject=Working%20with%20the%20rail%20industry%20to%20respond%20to%20cyber%20security%20threats&amp;body=http%3A\/\/www.orr.gov.uk\/search-news\/working-rail-industry-respond-cyber-security-threats\" class=\"orr-share-email\" title=\"Send to email\">email<\/a><\/div>\n<\/div>\n<div class=\"field field--name-field-cover-image field--type-entity-reference field--label-visually_hidden\">\n<div class=\"field__label visually-hidden\">Cover Image<\/div>\n<div class=\"field__item\">\n<article class=\"media media--type-image media--view-mode-demo-cover\">\n<div class=\"field field--name-field-media-image field--type-image field--label-visually_hidden\">\n<div class=\"field__label visually-hidden\">Image<\/div>\n<div class=\"field__item\">  <img decoding=\"async\" src=\"http:\/\/www.orr.gov.uk\/sites\/default\/files\/styles\/demo_cover\/public\/2024-03\/cyber-security-blog-2024-c.jpg?itok=ZCkqA2mR\" width=\"1020\" height=\"575\" alt=\"Paul Appleton speaking at a rail Cyber Security conference \" loading=\"lazy\" class=\"image-style-demo-cover\" \/><\/p>\n<\/div><\/div>\n<\/article>\n<\/div><\/div>\n<div class=\"clearfix text-formatted field field--name-body field--type-text-with-summary field--label-visually_hidden\">\n<div class=\"field__label visually-hidden\">Body<\/div>\n<div class=\"field__item\"><\/div>\n<\/p><\/div>\n<div class=\"field field--name-field-components field--type-entity-reference-revisions field--label-visually_hidden\">\n<div class=\"field__label visually-hidden\">Components<\/div>\n<div class=\"field__items\">\n<div class=\"field__item\">\n<div class=\"paragraph paragraph--type--text paragraph--view-mode--default\">\n<div class=\"clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item\">\n<div>\n<p paraid=\"1009377322\" paraeid=\"{ae58193c-d563-4b15-9fe7-a722d83a5164}{204}\">ORR ensures the rail industry operates in accordance with health and safety laws to protect passengers, staff and the public from harm.\u00a0<\/p>\n<\/div>\n<div>\n<p paraid=\"1982224266\" paraeid=\"{ae58193c-d563-4b15-9fe7-a722d83a5164}{222}\">With new software-based systems introduced to help with the operation of the network, new risks have emerged. Duty holders should manage their systems so that software design, operation, maintenance and cyber security risk is overseen in the same way as any other safety risk.\u00a0 It should form part of their wider Safety Management System.\u00a0\u00a0<\/p>\n<\/div>\n<div>\n<p paraid=\"962568171\" paraeid=\"{ae58193c-d563-4b15-9fe7-a722d83a5164}{242}\">Paul Appleton, Deputy Director for Railway Safety, recently spoke at a cyber security conference about the cyber security landscape in the UK rail industry, and ORR\u2019s action to help get the rail network prepared.<\/p>\n<\/div>\n<div>\n<h2>ORR\u2019s cyber security capability<\/h2>\n<\/div>\n<div>\n<p paraid=\"815394205\" paraeid=\"{ae58193c-d563-4b15-9fe7-a722d83a5164}{254}\">We are constantly monitoring emerging risks and are building ORR\u2019s capability in the Railway Safety Directorate to enable us to inspect and investigate railway companies in this area through developing an inspection tool and training our inspectors.\u00a0<\/p>\n<\/div>\n<div>\n<p paraid=\"457278171\" paraeid=\"{23c603fd-d159-4bbc-9ec4-bd5412cc6f5f}{23}\">This tool covers these key areas: Leadership; Governance and Safety Management System\u200b; System Safety (Safety and Security) and Interfaces\u200b; Risk Assessment; System architecture \u2013 IT &amp; OT; Supply chain; and Competence.<\/p>\n<\/div>\n<div>\n<p paraid=\"742863764\" paraeid=\"{23c603fd-d159-4bbc-9ec4-bd5412cc6f5f}{31}\">The tool includes 63 underlying questions to ask duty holders and assess indicators of good and bad practice.\u202fWe are currently undertaking several inspections and expect to set out our findings in the Chief Inspector\u2019s annual report next summer.\u202fThe first test inspection on East Midlands trains, was in last summer\u2019s <a href=\"http:\/\/www.orr.gov.uk\/monitoring-regulation\/rail\/promoting-health-safety\/annual-health-safety-report\" data-entity-type=\"node\" data-entity-uuid=\"9d97c72a-7007-4f3a-b8f3-9ee948bd8dc3\" data-entity-substitution=\"canonical\">Chief Inspector\u2019s report<\/a>.\u00a0<\/p>\n<\/div>\n<div>\n<p paraid=\"1204449200\" paraeid=\"{23c603fd-d159-4bbc-9ec4-bd5412cc6f5f}{69}\">ORR now also has a dedicated Digital Safety specialist inspector. A key part of their role will be highlighting these present risks to the rail industry.\u00a0<\/p>\n<\/div>\n<div>\n<h2>Next steps<\/h2>\n<\/div>\n<div>\n<p paraid=\"159645159\" paraeid=\"{23c603fd-d159-4bbc-9ec4-bd5412cc6f5f}{109}\">We are working with industry and the Railway Safety and Standards Board (RSSB) to develop standards in this space, such as the RIS Client Safety Assurance of High Integrity Software-Based Systems for Railway Applications and the RSSB cyber security BowTie model that is being developed.\u00a0<\/p>\n<\/div>\n<div>\n<p paraid=\"1325829518\" paraeid=\"{23c603fd-d159-4bbc-9ec4-bd5412cc6f5f}{123}\">Although we haven\u2019t yet witnessed cyber security failures resulting in a rail incident we have seen them happen in other countries and industries \u2013 so it\u2019s important to ensure ORR and the rail industry is properly equipped to deal with threats as it would be with any other health and safety risk.\u00a0<\/p>\n<\/div>\n<\/div><\/div>\n<\/div><\/div>\n<\/p><\/div>\n<div class=\"field field--name-field-related-links field--type-link field--label-above page__related page__related--links\">\n<div class=\"field__label\">Related links<\/div>\n<div class=\"field__items\">\n<div class=\"field__item\"><a href=\"http:\/\/www.orr.gov.uk\/monitoring-regulation\/rail\/promoting-health-safety\">Promoting health and safety<\/a><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"field field--name-field-author-image field--type-image field--label-hidden field__item\">  <img decoding=\"async\" src=\"http:\/\/www.orr.gov.uk\/sites\/default\/files\/styles\/news_author_120x120_\/public\/2024-03\/paul-appleton-blog.png?itok=Txa3PIA-\" width=\"120\" height=\"120\" alt=\"Paul Appleton\" title=\"Deputy Director,  Railway Safety\" loading=\"lazy\" class=\"image-style-news-author-120x120-\" \/><\/p>\n<\/div>\n<div class=\"field field--name-field-author-name field--type-string field--label-hidden field__item\">Paul Appleton<\/div>\n<div class=\"field field--name-field-author-job-title field--type-string field--label-hidden field__item\">Deputy Director, Railway Safety<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Working with the rail industry to respond to cyber security threats<br \/>\nFri, 22\/03\/2024 &#8211; 10:29<\/p>\n<p>22 March 2024<\/p>\n<p>            Cyber security risks are a real and present risk for the rail industry, with potential safety implications clear. That\u2019s why the Off&#8230;<\/p>\n","protected":false},"author":13,"featured_media":1,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-30874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/posts\/30874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=30874"}],"version-history":[{"count":5,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/posts\/30874\/revisions"}],"predecessor-version":[{"id":78337,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/wp\/v2\/posts\/30874\/revisions\/78337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=30874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=30874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vibewire.com.au\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=30874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}