“...You know, in a nutshell, cybersecurity is all about risk management. We are risk managers. It’s a complicated, specialized risk, but it’s a risk nonetheless. And that’s what we do…”  // Mark Grant, former CISO, CSX

‍

Modern railroads rely heavily on technology, with many processes being 95% or more reliant on it. When these technologies are compromised, it can significantly impact business operations and the supply chain. As a result, companies across the rail industry are motivated to focus on cybersecurity strategies to prevent attacks and minimize business impact. 

‍

Join Mark Grant and Bill Heinrich as they discuss the crucial role proper engagement with suppliers plays in cybersecurity in the rail industry. Bill Heinrich, a veteran of the railroad industry with over 40 years of experience serving as former CISO for BNSF and Amtrak, and Mark Grant, former CISO at CSX with extensive experience in the shipping and container industry, share their perspectives on cybersecurity in the rail industry at Hack the Railroad hosted by MISI and Cylus. 

‍

Grant and Heinrich explain that modern railroads are highly reliant on technology, making it essential for rail companies to focus on cybersecurity processes and enable detection and response to network vulnerabilities. As some rail systems are decades old and were not designed with cybersecurity in mind, it is essential to be aware of these older systems' vulnerabilities and take steps to protect them from cyber threats.

‍

The veteran rail professionals also discuss the importance of asset discovery in cybersecurity, as it allows rail companies to identify and track the devices and systems on their network, which is particularly important when dealing with suppliers. To manage this, they recommend involving cybersecurity teams throughout the supply chain and engaging with suppliers on security solutions and threat intelligence. 

Watch Mark Grant and Bill Heinrich discuss the role of suppliers in rail cybersecurity.

‍