Railway Network: Cybersecurity
(asked on 20th July 2023) - View Source
Question to the Department for Transport:
To ask the Secretary of State for Transport, what steps he is taking to safeguard (a) digital signal systems and (b) other digital critical infrastructure on the rail network from (i) cyber attacks and (ii) failures which risk safety.
The Department for Transport takes transport security seriously. We work closely with industry to identify and mitigate security and safety risks. The Secretary of State for Transport has a regulatory role as competent authority under the Network and Information Systems Regulations 2018 and is therefore responsible for ensuring cyber security standards are met by Operators of Essential Services across the rail network in England, Wales and Scotland.
DfT encourages industry to follow guidance from the National Cyber Security Centre to ensure digital systems and infrastructure are resilient to cyber-attacks and safety failures.
Network Rail, Great Britain's mainline railway infrastructure manager, are charged with the management of signalling and other systems that are critical to the safe and efficient delivery of the rail service. Network Rail have a fully embedded security management system that provides the systems, processes, resources and policies to effectively counter cyber threats, focusing on prevention and protection of systems accompanied with a strong monitoring and response capability. In addition to compliance with the NIS regulations, Network Rail adopt best practice from international standards such as ISO27011 [information security management systems] and IEC 62443 [cyber security for industrial automation and control systems] and were part of the drafting group for the forthcoming IEC 63452 "Cyber Security for Railway Applications" standard, recognising their leading role in railway cyber security.
Digital critical infrastructure on the railway, including digital signalling systems (ETCS), are failsafe by design. Digital signalling offers many additional safety benefits over and above conventional coloured light signalling systems.