What are the cybersecurity challenges?
A former director of the FBI used to say: “there are two types of companies, those that have been hacked and those that will be“. The past decade has proven him right. Malicious attacks are carried out by criminals determined to disrupt or damage operations. Their motivations may be economic, political or ideological. Disgruntled employees’ motivations may be more trivial. By 2025, it is estimated that cybercrime will cost companies $10 trillion.
Why are we talking about cybercrime in the railway industry?
The railway sector is undergoing a major transformation of its operations, systems and infrastructure. This transformation can be explained by greater interconnection between the different transport networks, the different modes of transport and increased digitalisation, which tends to become widespread at all levels. In terms of cybersecurity, this results in more opportunities for attacks, greater diversified risks and increasingly sophisticated attacks.
The risks are even higher as there is an ever-increasing degree of integration between the IT and OT areas. The railway is based on a complex distributed architecture with a hybrid and diverse supply and technology chain. The fact that certification life cycles are particularly lengthy for railway equipment and processes makes the system obsolete even before it is put into service.
How Expleo assist its industry clients with cybersecurity?
We have a dual role, as both a cybersecurity expert and a railway expert, specialising in risk management in all onboard and offboard railway infrastructures. We help our clients to define their security policies then implement them in the form of procedures, processes and technical architecture while considering the new normative and regulatory requirements specific to each country. We help our clients develop state-of-the-art secure products. This includes threat and risk assessment, design review, architecture review, and definition of cybersecurity countermeasures to mitigate hardware and software-specific cyber threats.
Cybersecurity must be integrated by design from the beginning of any project, and security strategies must be able to evolve in response to the threats they are intended to mitigate.
Why choose Expleo?
Expleo is both a railway and cybersecurity specialist, we understand all the challenges facing the industry, with one constant focus: safety, and its digital counterpart, cybersecurity.
We can cover all the needs of the railway sector, rolling stock, signalling, ATS, OCC, and cybersecurity, from design to implementation and operation of the products.
Expleo has already carried out numerous cybersecurity projects in the railway sector, with more than ten clients and in over fifteen countries simultaneously.
Interview with Helmi Rais, Expleo Cybersecurity Practice Leader.