The importance of developing a rail cybersecurity incident response plan cannot be overstated—and not only because having one is now a TSA cybersecurity requirement.

Building a robust response plan is fundamental to ensuring operational continuity and passenger safety in the event of a cyberattack. An expertly designed cybersecurity response playbook provides the protocols, actions, and processes for mitigating incidents that target the rail’s unique and mission-critical assets, such as signalling systems and telecommunications.

But that’s not all. Carrying out an effective rail cybersecurity incident response plan requires a high degree of coordination and collaboration between various stakeholders. After all, it is people who will ultimately execute the playbook and resolve the situation.

The challenge is that not all stakeholders who are tasked with responding to cyber events are familiar with the cybersecurity terminology, risks, threats, and possible outcomes. Unlike other types of disruptive operational events, in which the cause is more tangible, some stakeholders don’t know how to perform their responsibilities properly during cyber attacks. 

To build a meaningful cybersecurity response plan, you need the ability to improve both team readiness and cross-collaboration, but also, to investigate an attack in real-time and assess its potential operational impact. For rails, in which operational continuity and safety go hand-in-hand, this is crucial.

In this article, we cover three important considerations when developing a rail cybersecurity response plan.

Complete visualization provides essential context to remediation guidance

The next cyberattack is not a matter of if, but when. Yet not every attack is the same. Therefore, those tasked with responding to suspicious activity need to be prepared to tailor their response. The only way to do so is with the right knowledge, visibility, and forensics.

Where did the breach occur, and what’s the attacker’s potential path deeper into your internal systems? Which connected operational, mission-critical assets are now at risk? What actions do rail operators and infrastructure managers need to take to quickly mitigate damage, ensure business continuity, and keep passengers safe?

Without clear visibility into the entire rail ecosystem and real-time threat investigation, it’s impossible to understand the severity of an attack, its potential impacts on operations, and eventually how to respond properly.

Threat forensics enables an accurate and effective response

Threat detection is the first stage of any response plan—you can’t respond to what you don’t detect.

Once a threat is detected, all of the data needs to be gathered passively and non-intrusively by a rail-centered cybersecurity solution in order to perform detailed cybersecurity forensics to guide the investigation into what happened before, during, and after the attack.

The forensics report includes a complete threat profile of the attack, including the type of affected assets, functions and connectivities, and event logs.

This information allows those responsible for executing the cybersecurity incident response plan to understand the scale and scope of the attack, as well as the potential operational impacts.

Communication is the key to executing a truly coordinated response

Effective collaboration and a high degree of coordination are integral to efficiently responding to a cybersecurity threat. By establishing a CSOC, led by a CISO, you will have the necessary structure and expertise to carry out a coordinated rail cybersecurity incident response plan, in which every stakeholder understands their role and responsibilities.

A CSOC (cybersecurity operations center) is a centralized unit that is responsible for continuously monitoring the rail organization’s security posture. It is the command post that sits at the center of your IT and OT infrastructure, including your networks, communication and signalling systems, devices, and rolling stock, and combines the knowledge of cybersecurity experts and rail managers.

When threats arise, cybersecurity experts in the CSOC will be the ones leading the response plan to resolve them. Guided by a cybersecurity incident response playbook, CSOC members will dispatch optimized guidance to all relevant stakeholders to quickly resolve the threat and maintain operations. 

Swift remediation depends on both technology and people

We all know that it’s not if an attack will occur, but when. In addition to having a proven remediation playbook, continuous asset mapping and monitoring, as well as threat investigation capabilities, are vital to attack preparedness.

When an attack does occur, effective remediation requires both technical know-how as well as predefined systems of communication so every relevant stakeholder can respond with confidence.

About Cervello

Cervello is a trusted railway cybersecurity leader dedicated to ensuring railway safety, reliability, and business continuity for railway organizations globally.

Our unique, zero-trust and yet fully passive cybersecurity solution provides a complete contextual representation of the operational activity and continuously monitors the railway’s mission-critical assets, enabling railway operators and infrastructure managers to mitigate threats as they arise and avoid disruption — all without interfering with the highly sensitive and complex railway infrastructure.

Railway organizations rely on Cervello to secure both their legacy and modern systems so that they can continue to operate safely.”

For a more complete version of this article, visit the Cervello resource center here.

The post Member Article: Cervello’s Important Considerations When Building a Rail Cybersecurity Incident Response Plan appeared first on RSI.

Operation Lifesaver has state programs in 45 states and the District of Columbia. The National Office of OLI, located in Washington DC, creates videos and other rail safety education materials that are shared with the state programs and in public awareness campaigns like our “See Tracks? Think Train!” campaign. Operation Lifesaver and its authorized volunteers offer free rail safety presentations to audiences across the nation.

OLI’s efforts are made possible through a number of safety partners. Our federal safety partners, who provide grant funding for rail safety campaigns and materials, include the Federal Railroad Administration, Federal Highway Administration and Federal Transit Administration. Through these partnerships, OLI pushes out grant funding to the state programs for educational efforts and campaigns in their communities at a grassroots level.

Additional partners for OLI and the state programs include railway supply companies, freight railroads, Amtrak, commuter railroads and transit agencies, as well as state departments of transportation.

Our newest safety partner is the Posner Foundation of Pittsburgh, which over the past two years has provided private funding to expand and supplement federal grants to state Operation Lifesaver programs.

Other in-kind partners helping to share Operation Lifesaver’s rail safety message include national organizations like the American Farm Bureau Federation, Association of American Railroads, the National Organization for Youth Safety, the National Safety Council and Safe Kids Worldwide.

There are many ways to join with us in getting out the rail safety message.

A great example of how all of these partnerships work together to raise awareness is Rail Safety Week, held the last week in September. Rail Safety Week has gained momentum and media coverage each year since it began in 2017. This year, Mexico is joining the U.S. and Canada in observing Rail Safety Week from September 21-27, through the participation of the Mexican Association of Railroads (Asociación Mexicana de Ferrocarriles, or AMF).

Due to the COVID-19 pandemic, this year Rail Safety Week activities will emphasize online and social media, with virtual campaigns to urge communities and safety partners to share messages.

The “Stop Track Tragedies” public awareness campaign, part of Rail Safety Week, shows the impact of rail-related incidents on families and communities. Operation Lifesaver urges its partners and followers to share our videos and other messages on social media during Rail Safety Week, using the hashtags #RailSafetyWeek and #STOPTrackTragedies.

Railway suppliers can partner with and support OLI, not only during Rail Safety week but throughout the year as well! You can join our safety efforts by becoming an authorized volunteer; by following us onFacebook, Instagram, LinkedIn, Twitter, Pinterest and YouTube; and by supporting your state’s Operation Lifesaver program. Visit oli.org to learn more about us and find the Operation Lifesaver program in your state.

Operation Lifesaver’s core mission is to save lives by helping people make safer choices near tracks and trains. To further that mission, OLI will continue our existing partnerships and seek ways to reach new audiences with our lifesaving messages. We are already looking forward to our 50^th Anniversary in 2022, a milestone that will allow us to reaffirm our commitment to saving lives.

Rachel Maleh is Operation Lifesaver, Inc.’s Executive Director.

The post Rail Safety Week Highlights Operation Lifesaver Partnerships appeared first on RSI.