INDEPENDENT CYBERSECURITY ASSESSMENT
WHAT IS A CYBERSECURITY MISSION?
In an increasingly connected and digital world, the Railway and Urban Transportation industry relies on information and communication technologies. Cyber threats to the security of transportation systems can affect the operational safety and efficiency of the Railway industry. In this changing context, Railway operators and manufacturers need a global approach that takes these new risks into account. To do so, they have to identify these cybersecurity risks and implement cybersecurity management systems in order to mitigate them, give confidence in the control of their vulnerability level and ensure a safe and reliable service.
As the railway market changes from a traditional, mechanical and heavy industry to a more connected environment, operators and manufacturers have to rely on new reference documents and standards. Although some texts from other countries and sectors exist, such as the ISO 2700X, IEC 62443, or NIST (National Institute of Standards and Technology) publications, no unified reference document (standards, …) fit for the railway sector is available to this day.
CERTIFER has focused its efforts on defining the framework of independent cybersecurity assessment by referencing and analyzing the most acknowledged texts used in other sectors and in some countries. CERTIFER is now able to define a specific method that can fit any of our customers' needs, with tailor-made solutions.
As required by the standards, which also cover human factors, the Independent Cybersecurity Assessment can be performed on any equipment or any part of the railway system that sends, processes or receives data, to ensure that such data has not been altered, corrupted or intercepted for improper use.
The ISO 27005 standard (Information technology – Security techniques – Information security risk management) is used as a major guideline to manage and mitigate risks to an acceptable level. CERTIFER is able to perform cybersecurity services from the start of design activities (review of cybersecurity management plans, valuation of assets, incident management, …) up to testing activities (assessment of white / grey / black box testing), review of attack scenarios and their consequences.
WHAT IS THE ROLE OF THE INDEPENDENT CYBERSECURITY ASSESSOR?
Among others, CERTIFER is available to perform the following activities: