As the threat of cyber attacks increases, the European Union has created a
Cybersecurity Regulation for critical infrastructure including rail that must
be followed.
There are two main methods to asses the situation a company is in in regards to
their security. The first is the Risk Assessment Method, where threats are
scored in both their likelihood and their impact. The second is the Business
Impact Analysis Method where the impact of threats are assessed based on the
companies tangible and intangible losses.
Critical infrastructure like railroads is particularly attractive for
cybercriminals because of the damage that can be done to people, economically,
and to reputation. Cybersecurity is the weakest link in rail systems due to old
systems that are too expensive to upgrade or replace, and numerous RIoT (Rail
Internet of Things) sensors and tools.
By assessing the threats to rail infrastructure, companies can protect
themselves from losses and act as more reliable services.
