As part of a framework agreement with Network Rail, the company in charge of the management and maintenance of the British rail network, Aecom Limited has subcontracted to Egis the assessment of the maturity of the signaling infrastructure of Network Rail's network in terms of cyber-security.
Egis has called on its subsidiary Helios, which has a strong experience in aeronautics cybersecurity, to associate it with our expertise in the rail sector.
The evaluation of the various systems was based on interviews with the operations and maintenance teams. Our teams relied on the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), a guide that provides advice to organizations in order to help them apply EU cybersecurity guidelines correctly. The ultimate goal is to better detect and protect against potential cyber-attacks.
This mission is a direct result of the European Directive on Network and Information Security (NIS) to ensure a high and common level of security for the European Union’s information networks and systems.
After 6 months of work on the subject, the teams issued a final report with detailed recommendations specific to Network Rail's system. It identifies an action plan to implement solutions and processes to increase the effectiveness of Network Rail’s defenses against cyber-attacks.
Aware of the increasing threat and risk of cyber-attacks on our customers, Egis offers different types of support to help them guarantee maximum security on their rail network.
Our teams put their expertise at the service of Public Transport Authorities (PTAs) and operators, to help and advise them through an awareness of the risks of cyberattacks in transportation, a maturity diagnostic of the organizations and recommendations for the implementation of their information system security policy on the transport system. The ultimate goal is to support our customers in the approval of their critical information systems thanks to the varied skills of our employees, including cyber-safety experts in the rail field.
For example, Egis supports Grand Paris Express in defining the risks and measures applicable in terms of cybersecurity on line 18. Our teams are also working on the Lyon-based Future Metro (Avenir Métro) project, supporting the Sytral, the transport organizing authority, and Kéolis, the operator, in defining cybersecurity requirements to be integrated into the various markets. In this way, the designated actors will be able to provide both the compliant and necessary elements for the approval of the information system.
In addition, through its Rail Academy training program by Egis, our teams train and raise awareness of cybersecurity issues among transport operators and organizing authorities.