Real-world cyber security challenges in rail systems

The use of standardised technology and interconnecting systems has increased in the Operational Technology (OT) realm in the last twenty years. This brings about great benefits such as cost reduction, interoperability and operational and asset management efficiency however, it comes at a price: the risk of cyber-attacks.

There are international standards and guides that define and advise how to build a cyber security capability. These documents cover a wide range of topics and can be eye-opening for organisations to realise that cyber security is not limited to technical controls. People and processes are also part of the equation.

But what are the real-world challenges that organisations face to implement and maintain a cyber security capability? This paper addresses this issue focusing on rail systems and taking as reference the National Institute of Standards and Technology (NIST) cyber security framework.