Network Rail
Given Complete Cyber’s background in securing Critical National Infrastructure (CNI), we were invited by Network Rails Telecoms CISO to support the introduction of security monitoring of Operational Technology. Through a proof of concept to integrate safety critical infrastructure to consume data from the infrastructure and then send this securely to Network Rails Security Operations Center. The driver for this was that National Infrastructure companies needed to comply with the NIS 2018 regulations and therefore, a selection of requirements needed to be satisfied if Network Rail were going to commence with conformance to ISA 62243 and/or ISO27001.
SCOPE
CHALLENGES
Network Rail needed a specialist consultancy that understood the challenges in accomplishing design and delivery of works on CNI, with the added issue that security monitoring on CNI had not been achieved within the UK. Complete Cyber addressed this challenge by forming a collaborative partnership with NR Telecoms teams to highlight and educate the challenges and provide options in the form of solutions to address the desired outcome of achieving security monitoring of a set of Signalling assets within a Regional
Operating Centre (ROC).
OUTCOMES
Whilst the project is ongoing, we have been able to support NR Telecoms in providing bespoke security solution development in the form of evaluating a number of options to achieve the desired outcome of a monitoring solution for security analysis. Producing a number of high/low-level designs, we have been able to evaluate the solution at a relatively low cost compared to outsourcing to vendors/suppliers.