The UIC Security Platform's seventh ‘Security Week’ event continued on Wednesday 9 June 2021 with the second session on “Adapting Behaviour to New Cyber Threats.”
The online event had over 80 participants from several continents: Africa, Asia, Europe, and South and North America. A special thanks to those participants and speakers who woke up especially early to join our event at 4am their local time.
The session was opened by François Davenne, UIC Director General, who underlined the importance of cyber security for railways, which as a critical infrastructure represent a key asset in the overall transport scenario.
The keynote speech was given by Marianthi Theocharidou, from ENISA (European Union Agency for Cybersecurity), who highlighted the way in which Covid-19 impacted cybersecurity generally. While the storytelling aspects of an attack changed to take into account the pandemic, the means of attack remain well known: DDoS attacks, phishing, ransomware, supply chain attacks, etc. According to reporting under the EU NIS Directive, 41% of cyber incidents are due to malicious actors. However, an even higher percentage (44%) are due to system failures and an additional 17% are attributed to human factors. That said, reported cyber incidents directly attributable to railways were rare compared to other critical sectors such as Health or Aviation.
This was followed by a session focusing on international experiences and working groups. Paul Gwynn, representing the UITP Cyber Security Working Group, shared how the working group came to be and what work was currently being undertaken, including the publication of practical guidance on secure home working. Further, Olivier de Visscher, Chairman of ER-ISAC (European Railway Information Sharing & Analysis Center), explained that ER-ISAC gathers information from relevant stakeholders and then acts as an analysis center to better understand the threat landscape. Then, Catherine Houbion, representing the UIC Cyber Security Working Group, explained the genesis and objectives of the Cyber Security Solutions Platform Project. By the end of the project, they will have created a catalogue of cyber security solutions in a ready-to-use tool, thanks to inputs from railway undertakings, infrastructure managers and solution providers.
The third part of the session focused on lessons learned from UIC Members and Transport Authorities. Geraud Lanquetin from SNCF provided examples of good practices that are shared with SNCF (France) employees to help them develop their “cybeReflexes”. Olivier Verack from SNCB (Belgium) described their new Cyber- and Information Security Office (CISO) and how they use various means (newsletters, videos, interactive events (with coffee!), Yammer posts) to increase awareness of cyber security and employ automated phishing tests to analyse and then improve employee behaviour. Marek Pawlik from ISAC-Kolej (IK) (Poland) explained how IK responds to legal regulations as part of the railway-related critical infrastructure cybersecurity verification processes and shared the infographic they created, “cybersecurity guidelines for the employees of the railway entities”, to help raise awareness. Last but not least, Robert Melan from DHS-TSA (United States Department of Homeland Security Transport Security Administration) described the “5N5” programme, which aims to provide employees of the rail sector with 5 non-technical actions they can take in 5 days to improve cyber security. The “5N5” programme takes the form of a workshop and provides no-cost cybersecurity resources and programmes. All speakers commented on the importance of staff actions when it comes to cyber security and highlighted the importance of password changes and of reporting any cyber incidents.
As demonstrated during this session, international cooperation is key to increasing cyber security, as cyber attacks know no borders and all transport stakeholders are facing similar threats. The importance of International Cooperation in Rail Security will be discussed during the third and final session of this year’s Security Weeks, taking place next Wednesday 16 June 2021 10:00 – 13:00 CEST (Paris time). Join us!
More information, including registration, can be found on the event page: https://uic.org/events/security-weeks-2021