"I was stunned to hear about the focus on GDPR in the US, obviously in Europe it is massive news right now but this has also spilled over across the pond because of some of the extra-territorial requirements.
I presented the Arriva case study to a US audience; the standards being targeted by the US rail suppliers and operators have very similar goals to the new NIS directive. Their framework (NIST Framework for Improving Critical Infrastructure Cybersecurity) breaks down into key functions of Identify, Protect, Detect, Respond and Recover.
Generally, we have seen that operators, suppliers and builders are good when it comes to identification of risks and relatively good with protection of assets in terms of encryption, limited network segregation and firewalls. However, they generally fall down when it comes to detection, particularly for rolling stock and mobile assets.
A good cyber security strategy requires all of these key elements, and a layered approach based around good identification of risks, appropriate protection controls and detection when those protections fail, as well as regularly tested response and recovery plans."
RazorSecure works with transport operators and key system suppliers to improve their detection capabilities for assets that may not otherwise be monitored. Our software can be deployed in areas of key risk where networks converge, such as communication gateways.