Cyber risks and Railways. Fixing OT to keep the hackers out
OT / ICS / IIoT are relatively niche technology areas, but share a common purpose; to enable industrial ‘things’. Gartner’s description of OT nails it “…hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.”
As rolling stock becomes ‘smarter’, what new risks do we need to mitigate against? What can we learn from some of the ‘facepalm’ security moments in IoT to prevent similar issues in connected OT?
Already we’re seeing vulnerable PLC cloud management platforms, but what about rail-specific tech such as PIS, TCMS, ETB and related remote access? Remote start, CCTV, remote diagnostics and plenty more all offer opportunities for the hacker, if not rolled out securely.
In much the same way as the maritime and aviation sectors have struggled with new security risks created from connecting ships and airplanes, rail is heading in a similar direction. We need to get ahead of the change curve and embed security before it becomes a problem.
We’ll describe the current state of security in OT and how it seems to not be evolving and improving at the same rate as other grouped technologies. We’ll show you examples of what we see going wrong and detail the root causes.
Jo Dalton will be presenting.