NRTMS Romford & Wales
Network Rails Signalling Infrastructure teams were undergoing the initial first deployment of TMS at sites Romford and Wales, deploying new buildings to host and manage new signalling control systems designed to increase capacity on the lines. This also introduced new technology onto the Railway that consisted of traditional signalling control systems composed of IT/Operational Technology systems, however were more Digitalized based on the enhancements of signalling control technology.
SCOPE
CHALLENGES
Working with a traditional signalling delivery team, Complete Cyber were faced with the challenges of raising the profile of Cybersecurity within the project and to also undertake a technical security evaluation of the suppliers' solutions to evaluate compliance to ISO 27001 and ISA/IEC 62443. Coupled with suppliers not willing to disclose their Intellectual Property, made the challenge even higher to obtain the required information needed to perform a full system security audit.
OUTCOMES
Complete Cyber were able to assess the technical threat aspect to determine key risks that could be evaluated as part of the overall System Safety Assurance case. By building relationships with the suppliers, Complete Cyber were able to obtain the required information from the suppliers to perform baseline audits that indicated potential security risks with the suppliers systems. We also raised the profile of Cyber and its imposing threats across the project, specifically with the types of systems being deployed.