Network Rail operates and maintains 20,000 miles of track, 32,000 bridges and tunnels and 18 major stations across the UK. They are investing £30 billion to upgrade that infrastructure to use digital systems to increase capacity and efficiency. Without the right IT security, there could be problems ranging from timetabling glitches that bring commuter chaos, serious service interruptions that lead to fines to signalling or power breakdowns that put passengers or staff in danger.
Network Rail asked us to review their cyber security policies and procedures to assess how effective they were and to identify key areas for action. We also surveyed employees to test the culture around security.
Drawing on our in-depth experience of industrial control systems in the energy and utility sectors we designed systems that monitor, manage and control their infrastructure with built-in cyber protection. As well as designing this new operating model, we helped them identify the most crucial assets. And we created ‘reference architectures’ – detailed diagrams mapping the critical connections in their IT they can use to make sure any future technology developments will be secure.
Making sure an organisation’s people understand the priorities and risks is vital for effective cyber security. So we also designed and delivered a communications strategy to support the security programme, and ran a ‘Cyber for Engineers’ course for over 100 people.
Cyber security is now at the core of their activities. With new systems planned and a well-informed workforce, Network Rail can make sure the railways will be safe from cyber threats in future.