Critical infrastructure faces a growing number of security threats.. Critical infrastructure typically relies on Industrial Automation and Control Systems (IACS) and other non-IT components, often referred to as “Operational Technology.” To effectively assess cybersecurity risks within operational technology (OT) systems, adhering to the internationally recognized IEC 62443 standard is best practice. IEC 62443-3-2, part of…
In this post, I delve into the most relevant standards that secure our railway systems. Using Europe and Germany as a case study for the local and national level of standards, the following infographics provides a comprehensive overview of the most relevant standards helping to increase security on the tracks. 📄 Download infographics as pdf:…
Today I attended the CNA e.V. railway technology forum 2024 in Nuremberg for ICS GmbH. The title of the conference was “Unlocking the opportunities of railtech”, which is both necessary and possible with the help of digital systems such as ETCS, ATO and CTMS – if it’s done in the right way. Cybersecurity plays a vital role in…
There is a job advert for a Windows 3.11 administrator role in the rail industry doing the rounds on the internet right now – e.g. here at Heise. It’s often accompanied by the question why such old systems are still in use – it’s 2024! Yes, this is the reality of OT systems – not…
This morning I’m on the way to Frankfurt for ICS – Informatik Consulting Systems participating at a DKE security working group meeting regarding standardisation of railway security.
The Polish Press Agency (PAP) reports a cyber attack on the Polish rail network in the north-west of the country in Szczecin. A BBC article reports: “Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight, the Polish Press Agency (PAP) reported on Saturday.The signals were interspersed with recording of…
Step 1: Plan Security Management: This is the first step in the process, indicating the importance of planning and managing security measures effectively. Step 2: Security Risk Analysis (IEC 62443-3-2): The second step involves conducting a security risk analysis in accordance with the IEC 62443-3-2 standard. This step is crucial for identifying potential security risks…
Tomorrow is the final of the “Deutscher Startup-Pokal” for the security and AI sector, organised by GFFT e.V.. 🧔I have been asked to be part of the jury for the security startups that will be pitching tomorrow: 💡 sematicon AG💡 Cybervize💡 ONEKEY Together with the other expert jury members, I will be asking questions about…
This excellent talk from RSA Conference 2023 tries to answer this question with what is currently known regarding: A clear recommendation to watch this presentation by Jason Kramer and Dr. Ulrich Lang, CEO to anyone in the OT/ICS industry.