Client Case Study
Network Rails Signalling Infrastructure teams were undergoing the initial first
deployment of TMS at sites Romford and Wales, deploying new buildings to host and manage
new signalling control systems designed to increase capacity on the lines. This also introduced
new technology onto the Railway that consisted of traditional signalling control systems
composed of IT/Operational Technology systems, however were more Digitalized based on the
enhancements of signalling control technology.
Working with a traditional signalling delivery team, Complete Cyber were faced with
the challenges of raising the profile of Cybersecurity within the project and to also undertake a
technical security evaluation of the suppliers' solutions to evaluate compliance to ISO 27001
and ISA/IEC 62443. Coupled with suppliers not willing to disclose their Intellectual Property,
made the challenge even higher to obtain the required information needed to perform a full
system security audit.
Complete Cyber were able to assess the technical threat aspect to determine key
risks that could be evaluated as part of the overall System Safety Assurance case. By building
relationships with the suppliers, Complete Cyber were able to obtain the required information
from the suppliers to perform baseline audits that indicated potential security risks with the
suppliers systems. We also raised the profile of Cyber and its imposing threats across the
project, specifically with the types of systems being deployed.