Asset Management and Cyber Security in Rail Transport

Photo by Benn McGuinness on Unsplash
  • Global commodity/market price crashes (e.g., oil and gas)
  • Increased competition by various nations (e.g., overseas manufacturing)
  • Availability and affordability of technological solutions (e.g., commoditization of processing power)
  • Increased focus on uptime, sales/revenue, and delivery commitments.
Rail transportation: Digitalization and securing current and future assets require comprehensive cyber security
  • The longer an asset is deployed, and the quicker it reaches End of Life (EOL), the more it costs if it is not properly maintained, the more vulnerabilities it acquires, and the likelihood of its involvement in a breach or cyber security incident increases
  • Systems are often not standalone — they are systems of systems, interact/communicate frequently and depend on one another
  • Securing any asset (legacy or new) requires mitigations or changes such that the organization’s risk threshold is maintained

Industrial cyber security basics and asset management: IoT and ICS commonalities

Rail transport organizations should ensure they have the following in place before committing to net-new technology projects:

Cyber security in rail needs to be adequately covered by governance, process, and procedure perspectives.

Automated asset management and inventory are fundamental for assessing cyber risk, making technological decisions, performing vulnerability management, and assuring compliance.

Vulnerability and endpoint management is not limited to Windows systems.

Network security requires more than perimeter and bastion-based security.

Alerts, logs, monitoring, and SIEMs do not work out-of-the-box.

Risk management frameworks are necessary for considering and managing cyber risk not only for Informational Technology (IT) but also for OT assets.

Technology needs people and processes.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Verve Industrial Protection

Verve Industrial Protection

Verve's mission is to protect the world's critical infrastructure. Learn more at