Cyber vulnerabilities and safety risks across the digital railway

摘要

Initially, cybersecurity focused around developing and implementing technical products and solutions, often as a quick fix in response to an identified vulnerability. More recently, cybersecurity certifications and standards have been introduced to encourage further cyber resilience. And now, we have begun to see how building the culture as the next step on cybersecurity's evolution recognises that people make an organisation secure, not just technology. Although a cybersecurity culture started with basic awareness training, the sector is adapting as organisations understand that people can be both the best response to cyber-attacks, and the weakest link. A cybersecurity culture begins by creating a cybersecurity mind-set in all staff, including senior management, that the risk is real and their daily actions and decisions can impact that risk. Just as safety is now seen as something where everyone must play their part, so it must be with cybersecurity.