Practical guidelines on cybersecurity: Requirements in tendering

Cybersecurity protection in public transport and railways is a new but growing concern. Nowadays, almost any product incorporates firmware or software and – because computing tools usage has become universal, from the maintenance staff to the railway President – it is one of the few cross-functional subject matters that public transport operators (PTOs) must face. Unfortunately, few employees have the relevant proficiency to deal with such complicated issues, particularly when it comes to cybersecurity for automation of physical operations, such as rail system communications, signalling and processing.

Hence, the dilemma facing PTOs: should IT/OT specialists be spearheading all functional processes (for example, marketing or procurement) that involve automation product definition or not? Role definition, particularly in this area, is a complex matter and is one that we will tackle later, describing the specific contributions that IT, OT and other cybersecurity specialists can bring to the protection of railways. That said, we strongly suggest that whenever necessary, IT/OT specialists should support their functional colleagues in creating appropriate processes and intervening on the very technical topics.

It also means over and above the usual training that all employees should have, these functional managers should rely on guidelines to help them address the cybersecurity issues in their process.

Read the Executive Summary

Are you a UITP member?

Access the Report on MyLibrary

Not a UITP member?

Provide your details & read the Report for free!

Thank you to the Report sponsors: AXIS Communications, Cylus, INIT and Waterfall Security Solutions!