“...In the railroad industry, and more specifically in the passenger railroad industry, we have the unique challenge of managing risk and operational technology that securely moves trains and safely delivers our passengers to their destination.” // Jesse Whaley, CISO, Amtrak
While you may know Amtrak as a transportation company that operates intercity passenger rail service in the United States, it’s also the owner and operator of critical infrastructure, including transportation, energy, emergency services, real estate, construction, and technology. Amtrak is also committed to ensuring its operations' resiliency while providing robust cybersecurity capabilities. To achieve this goal, Amtrak has adopted the NIST Cybersecurity Framework and incorporated other industry frameworks into its daily operations.
Join Jesse Whaley, CISO of Amtrak, as he breaks down the key to a successful cybersecurity strategy at Hack the Railroad hosted by MISI and Cylus. Whaley explains that it is to focus on three foundational elements: people, processes, and technology. Teams must have the right resources and talent to deliver their objectives, and processes must be repeatable, sustainable, and well-documented.
Regarding technology, Amtrak aims to incorporate cybersecurity natively by design wherever possible but will use platform-based approaches when needed. Whaley discusses that regarding the platform approach in operational technology, there are only a few solutions in this space, and even fewer are rail-specific spaces.
Watch Jesse Whaley discuss securing passenger safety from a cybersecurity perspective.