This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our
and .overview
This course is based upon the new railway cyber security specific CENELEC standards, TS50701 and best practice from other OT and IT Cyber security standards such as ISO27001, IEC 624423 and the Australian Standard® AS 7770 Rail Cyber Security.
Key Learning Objectives
- What is Cyber Security? – putting it into the context of railway and transportation
- Identify the threats and vulnerabilities (such as cyber security, safety and availability)
- Develop mitigation actions for threats and vulnerabilities and recovery from potential consequences
- Cyber Security – What standards are available for dealing with threats
- An understanding of how TS70101 can improve cyber security across the entire railway
About the Course
‘If it is not secure, it is unlikely to be safe’:
UK Department for Transport
The railway sector is facing a new challenge: the Network Information Security (NIS) regulations. According to a 2020 survey by the European Union Agency for Cybersecurity (ENISA), only 33% of rail operators of essential services (OES) have fully implemented defensive measures against cyber-attacks, as recommended by NIS regulations. This places their software under serious threat – not to mention their compliance with regulations.
When security breaches occur the ripple effect throughout an organisation can be vast, with implications that are both financial and personal. There may also be implications concerning system safety and resilience.
This course is an introduction to the major themes of cyber security and will start you on a journey to the creation of a secure rail operation. You will be able to communicate effectively, make informed trade-offs, assess risk, improve defences, and reduce vulnerabilities in your systems.
This course is based upon the new railway cyber security specific CENELEC standards, TS50701 and best practice from other OT and IT Cyber security standards such as ISO27001, IEC 624423 and the Australian Standard® AS 7770 Rail Cyber Security.
Our experts will answer questions and provide advice throughout the course via interactive live online sessions and the learning management system.
Who Will Benefit
This blended course is for railway business leaders, managers, railway inspectors, railway legislators, safety professionals, planners, Information Technology (IT) professionals, resilience specialists and railway engineers tasked with making decisions that could impact the cyber resilience of technical and organisational systems.
The course is focused more towards railway Operational technology (OT) however IT issues are also covered also in terms of their security risks and strategies from ISO27001. No prior knowledge is required of cyber security for this course
Agenda
MODULE 1
Introduction to Cyber Security in Railway Systems
- Setting the Scene
- Threat Landscape in the Railway Domain
- Safety and Security
- Terminology
- Railway Cyber Security challenges
- Risk Factors
MODULE 2
Cyber Security Incidents including:
- Lodz Tram Cyber Attack
- Stuxnet Cyber Attack
- San Francisco Municipal Transportation Authority Ware Attack
- Deutsche Bahn Ransom Ware Attack
MODULE 3
Cyber Security Standards and Schemes including:
IEC 62443 Series and ISO27001
MODULE 4
TS50701 and the Railway system
- Introduction
- Railway asset model
- Railway physical architecture model
- High-level railway zone model
MODULE 5
Cybersecurity within a railway application lifecycle
- Railway application and product lifecycles
- Activities, synchronization and deliverables
- Cybersecurity context and cybersecurity management plan
- Relationship between cybersecurity and essential functions
- Cybersecurity assurance process
MODULE 6
System definition and initial risk assessment
- Identification of the system under consideration
- Initial risk assessment
- Partitioning of the SuC
- Output and documentation
MODULE 7
Detailed risk assessment
- General aspects
- Establishment of cybersecurity requirements
- General guidance on risk assessment including setting Security Levels (SL)
MODULE 8
Cybersecurity requirements
- Objectives
- System security requirements
- Apportionment of cybersecurity requirements
MODULE 9
Cybersecurity assurance and system acceptance for operation
- Overview
- Cybersecurity case
- Cybersecurity verification
- Cybersecurity validation
- Cybersecurity system acceptance
MODULE 10
Operational, maintenance and disposal requirements
- Vulnerability management
- Security patch management
MODULE 11
TS50701 Appendices and Guidance (Informative)
MODULE 12
Conclusions and Test
On-site & in-house training
Deliver this course how you want, where you want, when you want – and save up to 40%! 8+ employees seeking training on the same topic?
Talk to us about an on-site/in-house & customised solution.