
Switzerland's Shift in Rail Cybersecurity Regulations

Omar Benjumea
Field CISO & Business Development
Effective July 1, 2024, the CySec Rail Directive represents a pivotal step in Switzerland's approach to rail cybersecurity

The Safety Division of the Swiss Federal Office of Transport (FOT) has recently issued a cybersecurity directive aimed at fortifying the security of the nation's railway sector. Historically, Switzerland's cybersecurity directives have been less stringent than those of its European neighbors. The country's regulatory framework has been relatively lenient, with lower penalties for non-compliance. This approach has granted the country’s regions (Cantons) significant autonomy in managing cyber issues. However, increasing threats to critical infrastructure across various sectors have necessitated a shift towards more industry-specific regulations. The CySec Rail Directive demonstrates this strategic shift, aiming to standardize and enhance cybersecurity measures across the Swiss rail network.

The Objectives of the CySec Rail Directive

Effective from July 1, 2024, the CySec Rail Directive represents a pivotal step in Switzerland's approach to rail cybersecurity. This directive responds to the increasing digitization and interconnectedness of public transport systems, which, while offering operational efficiencies, also introduce significant cybersecurity vulnerabilities. The directive seeks to mitigate these risks by establishing security requirements for railway companies' information security management systems (ISMS).

Understanding the Cybersecurity Directive

The new directive emphasizes the importance of protecting information processing systems, data networks, and operational technology (OT) systems in the railway sector. 

Here's a closer look at some essential requirements outlined in the directive that are relevant for the critical rail networks:

  1. Asset Management (B-03): Railway operators must maintain a comprehensive inventory of all assets, implement processes to identify new assets, and categorize them by their criticality regarding confidentiality, integrity, and availability.
  2. Security Monitoring (B-07): Systems and networks shall be designed and configured to detect and evaluate attacks and anomalies as quickly as possible. Real-time monitoring is essential to address threats proactively and minimize damage.
  3. Incident Management (B-08): Operators shall establish clear processes for managing and responding to security incidents. Effective incident management helps minimize disruption and ensure quick recovery when the unexpected happens.
  4. Business Continuity Management (B-09): Identifying and evaluating critical systems and components is vital to ensuring continued operation in the event of failures. Visibility of critical assets and their role in the overall system is critical for any effective business continuity plan.
  5. Systems and Networks Exploitation (B-11): Maintaining updated network maps and identifying changes in the network are crucial for preserving network integrity and security. Proper documentation and management of network configurations are necessary, but having automatic ways to identify changes will become essential.
  6. Malware Protection (B-14): Operators must implement measures to identify and protect against malware threats. This involves using advanced techniques and tools to detect and mitigate malware presence on systems and networks.
  7. System Integrity for OT Systems (B-25): Specific measures, such as Intrusion Detection Systems (IDS), should be used to ensure OT systems' integrity. Protecting these critical systems from cyber threats is crucial as they are essential for the safe operation of railway systems.
  8. Data Flow Restrictions (B-26): Implementing data flow restrictions is necessary to control and secure the transfer of information within and outside the organization. Monitoring and restricting data flows prevent unauthorized access and data leakage. For industrial networks, an approach based on zones and conduits, such as the one proposed by the standards IEC 62443 and TS 50701, can prove very helpful.

The Impact on Swiss Rail Operators

The directive proposes specific cybersecurity requirements that Swiss rail operators should comply with to implement their ISMS and safeguard their infrastructure and operations. These measures aim to protect critical railway systems from cyberattacks, ensure the continuity of services, and maintain public trust in the safety and reliability of rail transport. 

Complying with the directive will likely involve significant changes in how rail operators manage their cybersecurity. It proposes a proactive approach to cybersecurity, emphasizing continuous monitoring, regular updates, and integration of cybersecurity practices into everyday operations for both IT and OT environments and systems.

How Cylus Can Help

The Cylus cybersecurity solution, CylusOne, is uniquely positioned to assist Swiss rail operators in meeting the new CySec Rail Directive requirements. Our advanced cybersecurity solution was designed for the rail industry and provides comprehensive visibility and protection for the entire operational rail environment. With CylusOne, operators can benefit from real-time threat detection, incident response, and continuous monitoring, ensuring compliance with the directive and safeguarding critical infrastructure.

Key Benefits of CylusOne:

  • Comprehensive Asset Management: Automatically discover and classify all rail assets, providing a detailed inventory and protecting all assets.
  • Network Discovery and Topology Mapping: Visualize network connections and data flows to enhance security and operational efficiency.
  • Continuous Threat Detection and Response: Real-time monitoring and rail-specific threat intelligence to detect and mitigate threats promptly.
  • Vulnerability and Risk Management: Prioritize and manage vulnerabilities specific to rail operations, ensuring proactive risk mitigation.
  • Incident Management: Manage security incidents effectively to minimize disruption and ensure quick recovery.

By partnering with Cylus, Swiss rail operators can confidently navigate the new regulatory landscape, ensuring the security and resilience of their rail networks against evolving cyber threats. 

Contact us today to learn more about how CylusOne can help you comply with the CySec Rail Directive and enhance your rail cybersecurity.

Originally published
July 8, 2024
