How can modern security be applied to existing operational systems?
Each of the identified critical systems within the Signalling and E&P (Electrification and Plant) groups was assessed for CAF (Cyber Assessment Framework) objectives, using the following sources of information:
- Published documentation provided by Network Rail and suppliers
- Interviews with internal Network Rail System owners and experts
- Interviews/questionnaires with system suppliers
The approach to the CAF assessments was to provide a technical document-based review of each system, based on available documentation, policies and procedures, which was then supplemented by input from operational staff who have working knowledge of the system ‘as operated’. This provides valuable insight into the system and a more realistic view of the system’s vulnerability to cyber threats. It also provides valuable insight into organisational and cultural factors that can be critical factors in the effectiveness of human defences against cyber threats.