Skip to main content
All Posts By

digitalrailwp

Celebrating Our ISO 9001:2015 Certification Journey with BSI

We are pleased to announce that we have been certified by the British Standards Institution (BSI) against the ISO 9001:2015 Standard. This milestone marks an important step in our company’s evolution from a service-based organisation to a product-focused enterprise. Our commitment to quality has been recognised by one of the most reputable certification bodies in the industry.

A Commitment to Quality

Transitioning from a non-UKAS certified certification body to BSI was a strategic decision aimed at enhancing the credibility and robustness of our Quality Management System (QMS). The ISO 9001:2015 certification is a globally recognised standard for quality management, ensuring that organisations consistently meet customer and regulatory requirements while striving for continuous improvement.

The Audit Experience

The audit process conducted by BSI was comprehensive and meticulous. Our auditor demonstrated extensive knowledge of quality systems, thoroughly evaluating our processes and practices. The detailed assessment was instrumental in identifying areas for improvement and reinforcing our strengths. This rigorous evaluation has provided us with valuable insights, enabling us to refine our quality management practices further.

Embracing Change

As we continue our transformation from a service company to a product company, achieving ISO 9001:2015 certification reflects our dedication to quality. This certification is not just a milestone but a confirmation that we adhere to high standards of quality management, fostering trust and confidence in our offerings.

Looking Ahead

We are proud of this accomplishment and the efforts our team has put into achieving this certification. It highlights our commitment to continuous improvement. Moving forward, we will use the insights gained from the BSI audit to enhance our processes and deliver greater value to our customers.

Gratitude and Commitment

We extend our thanks to our team for their hard work and to BSI for their rigorous and informative audit process. This certification is an important step in our journey, reaffirming our commitment to maintaining a robust Quality Management System. We are optimistic about the future and the opportunities that lie ahead, confident that our QMS will continue to drive our success and customer satisfaction.

By sharing our certification journey and the thorough process involved, we aim to highlight our commitment to quality. Achieving ISO 9001:2015 certification is about fostering a culture of continuous improvement and excellence. We are excited to embark on this next chapter and appreciate the support and trust of our customers and stakeholders.

For more information about BSI and ISO9001 certification, please visit the BSI’s website.

Contact: Digital Transit Limited
Website: www.digitaltransit.co.uk
Email: info@digitaltransit.co.uk

Digital Transit Limited Participates in Secure Innovation Security Review Pilot Scheme

Digital Transit Limited, a leading AI-focused company, recently took part in the Secure Innovation Security Review Pilot Scheme, a joint initiative by the National Protective Security Authority (NPSA) and the National Cyber Security Centre (NCSC). This comprehensive review was conducted by Atkins Realis.

Comprehensive Security Assessment by Experts

The assessment evaluated Digital Transit Limited’s preparedness against a variety of security threats, including insider threats, cyber vulnerabilities, and physical security. Key findings from the review highlighted the following strengths:

  • Comprehensive Security Policies: Robust policies are in place to manage security effectively.
  • Strong Security Culture: A proactive approach to security permeates the company.
  • Cyber Security Management: The company excels ensuring automatic software updates, firewalls, and two-step verification are implemented.

Areas for Improvement and Action Plan

Despite these strengths, the review identified areas needing enhancement, which have been promptly incorporated into the Quality Manual:

  • Dedicated Security Lead: The review suggested nominating a committed security lead to ensure all protocols are followed.
  • Proactive Monitoring: The review also suggested implementing logging and protective monitoring, developing a Cyber Incident Response Plan, and considering cyber insurance.

Strengthening Partnerships and Security Protocols

The review also addressed secure partnerships, recommending that Digital Transit Limited ensure future partners handle information securely and include security clauses in contracts. These recommendations have been taken on board as part of our continuous improvement efforts.

Commitment to Long-term Security and Success

Digital Transit Limited’s participation in this security review underscores their commitment to safeguarding their business. By addressing the identified improvements, they are set to enhance their security defences, protect valuable assets, and secure a competitive edge in the tech industry.

Acknowledgements

We extend our gratitude to Atkins Realis for their professional assessment, and to the National Protective Security Authority (NPSA), the National Cyber Security Centre (NCSC), and Innovate UK for their support and funding.

Contact: Digital Transit Limited
Website: www.digitaltransit.co.uk
Email: info@digitaltransit.co.uk

Digital Transit Limited Achieves Cyber Essentials Plus Certification

Digital Transit Limited (DTL) is proud to announce its recent successful assessment for Cyber Essentials Plus. This achievement marks a significant milestone in the company’s commitment to cybersecurity, building upon its existing Cyber Essentials certification. By attaining Cyber Essentials Plus, DTL has elevated its cybersecurity credentials, further ensuring the protection of its digital infrastructure and sensitive data.
What is Cyber Essentials Plus?

Cyber Essentials Plus builds on the Cyber Essentials framework by adding independent validation from an accredited third party. This advanced certification requires organizations to implement the same fundamental protections as Cyber Essentials but includes an audit to ensure these measures are effective against common threats. This audit provides assurance that the security measures are properly implemented and functional in a real-world environment.

The Importance of Cyber Essentials Plus

For DTL, achieving Cyber Essentials Plus signifies a robust commitment to maintaining a secure digital environment. The hands-on verification process provides an extra layer of assurance that DTL’s cybersecurity measures are both comprehensive and effective. This not only protects the company’s data and systems but also instils greater confidence in clients and partners who rely on DTL’s services.

A Collaborative Effort

The successful assessment for Cyber Essentials Plus was made possible through the professional evaluation conducted by Cyber Securities UK. Their expertise ensured that DTL met all the requirements of the certification.

NCSC’s Funded Cyber Essentials Programme

DTL’s journey to Cyber Essentials Plus certification was also facilitated by the National Cyber Security Centre (NCSC) through their funded Cyber Essentials Programme. This initiative is focused on supporting small organisations with low levels of cyber maturity that handle sensitive data and would be significantly impacted by cyber disruptions. By offering Cyber Essentials Plus at no cost to high-risk sectors, the NCSC aims to enhance the overall cybersecurity posture across critical industries.

Looking Ahead

With Cyber Essentials Plus certification, DTL is better equipped to handle the complexities of modern cyber threats. This achievement not only reinforces the company’s commitment to cybersecurity but also sets a benchmark for other organisations in the sector. As DTL continues to grow and innovate, maintaining robust cybersecurity measures will remain a top priority, ensuring the safety and reliability of its services.

For more information about the Cyber Essentials Programme and the importance of cybersecurity, please visit the NCSC’s Cyber Essentials Overview and the Funded Cyber Essentials Programme.

Contact: Digital Transit Limited
Website: www.digitaltransit.co.uk
Email: info@digitaltransit.co.uk

Dr Howard Parkinson Joins the IEC PT 63452 Committee

We are pleased to announce that Howard, a valued member of our team at Digital Transit, has joined the International Electrotechnical Commission (IEC) committee TC/9 PT63452. This committee is dedicated to establishing standards that enhance cybersecurity in railway operational technology (OT).
Howard will participate in his first committee meeting next month in Helsinki.
The role of cybersecurity in protecting railway systems is becoming increasingly critical as these systems grow more interconnected and technologically sophisticated. The PT63452 committee’s work is vital in developing standards that aim to safeguard these systems against potential cybersecurity threats, thereby ensuring the reliability and safety of railway operations.
Howard’s role in the PT63452 committee will involve contributing his expertise in railway technology and cybersecurity. This is an opportunity to contribute actively to the advancement of cybersecurity measures in the railway industry.
Digital Transit supports Howard’s involvement in the PT63452 committee, recognising the importance of contributing to global standards that impact the safety and efficiency of railway operations. His participation also reflects our commitment to staying informed about developments in technology and regulations that affect the railway sector. We believe his expertise will be a valuable addition to the committee’s work.
For those interested in the specific objectives and ongoing projects of the PT63452 committee, further information can be found in the detailed document available here and additional insights into the committee’s impact on railway cybersecurity standards can be read here.

Embracing the Future: Unpacking the New IEC 63452 Railway Cybersecurity Standard






Unpacking the New IEC 63452 Railway Cybersecurity Standard


Embracing the Future: Unpacking the New IEC 63452 Railway Cybersecurity Standard

Published on:

The introduction of the IEC 63452 standard next year will represent a crucial update in the realm of railway systems cybersecurity. This standard will replace the current Technical Specification, TS 50701, enhancing and expanding the framework to better address today’s cybersecurity challenges within the railway industry.

Detailed Cybersecurity Framework

IEC 63452 introduces a more specific cybersecurity framework designed for railway applications. It emphasises continuous monitoring and cybersecurity assurance, allowing railway operators to respond more effectively to changing threats. The standard organises vulnerability management in a structured way, ensuring timely identification and mitigation of security vulnerabilities to protect critical infrastructure.

Cybersecurity in Railway Systems

Enhanced Risk Management

IEC 63452 offers detailed methodologies for risk assessment, advancing beyond the broader guidelines of TS 50701. It includes classification of different areas within the railway system based on their security needs, facilitating targeted and efficient security measures.

Integration of Safety and Security

IEC 63452 integrates the management of safety and security considerations, encouraging a combined approach to engineering these aspects to improve overall system integrity and reliability. The standard promotes measurable security measures providing a framework to evaluate security effectiveness. In continuation of the approach and improving it.

High-Speed Train with Cybersecurity Elements

The standard provides a comprehensive approach to managing cybersecurity within railway systems, adhering to the guidelines of IEC TC 9 and applicable across all relevant sectors within the railway industry.

It integrates the requirements from the IEC 62443 series, which are specifically designed for cybersecurity, and adapts these for the railway application domain. This includes a detailed application of cybersecurity standards and instructions on interfacing these standards with the general reliability, availability, maintainability, and safety (RAMS) lifecycle as outlined in the IEC 62278 series.

The standard ensures synchronization among various stakeholders by defining their responsibilities and presenting the security assumptions clearly. It also outlines how these cybersecurity protocols can be applied to other lifecycle processes.

Compliance with IEC 62443-2-1:2010 is maintained, providing security models, concepts, and a risk assessment process specifically tailored for the railway sector. This approach helps identify and manage residual risks associated with security threats to a level that is acceptable for railway operators and infrastructure managers.

The primary goal of the standard is to offer support and guidance for protecting critical aspects of railway Systems under Consideration (SuC) such as safety, operations, financial interests, reputation, regulatory compliance, and social stakes against cyber-attacks and the unintended consequences of configuration or maintenance activities.

Additionally, the standard provides guidance on cybersecurity assurance during the build phase of SuCs and offers recommendations for security management during the operational and maintenance phases.

It is important to note that while the standard provides a robust framework for cybersecurity and its integration with safety, it does not set forth any specific safety requirements or constraints on safety cases for railway systems. Instead, it guides on how cybersecurity measures relate to safety protocols.

Lifecycle Management

The standard provides comprehensive guidelines that span the entire lifecycle of railway systems, from installation to decommissioning. This approach ensures that cybersecurity is an integral part of every stage in a system’s lifecycle, enhancing the long-term sustainability and security of railway operations.

Future Implications

The adoption of IEC 63452 is a useful step towards addressing the complex cybersecurity issues currently facing the railway industry. By establishing a robust framework that incorporates risk management, and integrates safety and security throughout the system’s lifecycle, IEC 63452 aims to set a new standard for railway cybersecurity globally.


Digital Transit Limited Leverages Key Funding to Elevate Cybersecurity Practices






Digital Transit Limited’s Cybersecurity Initiatives


Digital Transit Limited Leverages Key Funding to Elevate Cybersecurity Practices

Published on:

Digital Transit Limited, a UK-based company at the forefront of Artificial Intelligence technology development, has recently secured two critical sources of funding aimed at significantly enhancing its cybersecurity framework. Already holding the Cyber Essentials qualification, Digital Transit Limited is poised to elevate its cybersecurity measures to the next level with the Cyber Essentials Plus certification through the Funded Cyber Essentials Programme run by IASME and funded by the National Cyber Security Centre (NCSC).

Futuristic Train

Stepping Up to Cyber Essentials Plus

Cyber Threats in Futuristic City

The Cyber Essentials Plus certification offers a robust upgrade from the basic Cyber Essentials accreditation, providing an external validation of the company’s cybersecurity defences. This advanced certification ensures a higher level of security assurance, essential for protecting against common cyber threats such as hacking, phishing, and password guessing. The move not only boosts Digital Transit Limited’s defence mechanisms but also enhances customer trust and positions the company favourably within sensitive supply chains and government contracts.

  • Enhanced Cybersecurity: External testing of security measures for a higher assurance level.
  • Risk Management: Effective strategies to shield against prevalent cyber threats.
  • Customer Confidence: Demonstrates a serious commitment to cybersecurity.
  • Supply Chain Security: Meets the requirements for handling UK government contracts.
  • Insurance Incentives: Potential for lower insurance premiums due to recognized security standards.
  • Continuous Improvement: Promotes ongoing updates and enhancements to security practices.

Secure Innovation: A Groundbreaking Pilot Scheme

In addition to the cybersecurity upgrade, Digital Transit Limited is participating in the “Secure Innovation” pilot scheme, a groundbreaking initiative in collaboration with the National Protective Security Authority (NPSA), Innovate UK, and the NCSC. This scheme addresses the growing security threats faced by the UK’s emerging tech industry, offering a strategic approach to fortify security measures across various dimensions, including cyber, physical, personnel, and supply chain risks.

  • Comprehensive Security Enhancement: Implements vital security measures to protect assets.
  • Support Business Growth: Enhances the company’s security posture to attract investors and customers.
  • Encourage Compliance and Best Practices: Guides tech companies to adhere to stringent security standards.
  • Financial Support for Security Reviews: Provides part-funding, reducing financial barriers for startups.
  • Develop Security Skills: Builds internal security capabilities through professional guidance.
  • Continuous Improvement: Ensures the evolution of security practices with business growth.
Offshore Wind Farm at Sunset


Cybersecurity Innovate UK Competition Won by Digital Transit Limited

Cybersecurity Innovate UK Competition Won by Digital Transit Limited

Digital Transit Limited (DTL) are delighted to announce that they have won an Innovate UK competition. It is a 3-year project with our partners, the Institute of Railway Research (IRR) at Huddersfield University and Heron Technology in Singapore. Total project costs are around £500k to develop cybersecurity resilience in rail.

The project is entitled “Tools and Techniques for Operational Technology Cyber Security Compliance in the Railway”

DTL want to connect with railway regulators, operators, and systems integrators to get them involved. DTL want to establish a body of knowledge for this potentially daunting challenge the railway faces as critical infrastructure.

 

 

Diagram showing the interaction between cybersecurity regulations, standards, and OT/IT. Our project will help the railway navigate this system.

Digital Transit passes Cyber Essentials Assessment

Digital Transit passes Cyber Essentials Assessment

Digital Transit Limited have passed the Cyber Essentials (Montpellier) and have been re-certified for Cyber Essentials. The assessment is organised by the IASME Consortium using the certification body AMSA.

Cyber Essentials is an effective, UK Government- NCSC (National Cyber Security Centre) backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

Digital Transit Limited are committed to ensuring world class cyber security in the railway industry. We offer a one-day workshop, or 6-week modular online course for engineers, managers and other rail decision-makers to learn about the new TS50701:2023 standard.

Get in touch for more information about our services and discover what we can do to help you.

DTL receive funding for Global Business Innovation Programme (GBIP) – Cybersecurity in Australia

DTL receive funding for Global Business Innovation Programme (GBIP) - Cybersecurity in Australia

Digital Transit Limited (DTL) has successfully received funding for the Global Business Innovation Programme (GBIP) Cybersecurity – Australia.

In October, Dr Howard Parkinson will visit Sydney, Melbourne, and Adelaide to establish research and development, coordination and collaboration between Australia and the UK. The focus will be on railway Operational Technology (OT). The goal is to help develop a body of knowledge, tools, and techniques for this important and growing industry.

Further details regarding the GBIP scheme can be found on the Innovate UK website – https://www.innovateukedge.ukri.org/gbip

DTL are experts in OT Cybersecurity in Rail, and offer a one-day workshop, or 6-week modular online course for engineers, managers and other rail decision-makers to learn about the new TS50701 standard.

Get in touch for more information about our services and discover what we can do to help you.

CENELEC releases updated TS50701:2023 OT Railway Cyber Security Technical Specification

CENELEC releases updated TS50701:2023 OT Railway Cyber Security Technical Specification

CENELEC has just released TS50701:2023 with some significant changes. Digital Transit has already incorporated these into their Railway Cybersecurity OT courses.

TS50701 is a technical specification that adapts the cybersecurity industrial control standard IEC62443 to the railway for Operational Technology (OT). In railways, OT Technology includes reliability and safety critical systems such as signalling, SCADA, door systems, brakes, etc.

A critical issue is that IT and OT should be separated and that safety and cybersecurity have complementary goals but must be treated differently – though totally coordinated.

Interested in learning more? Get in touch for more information about our services and discover what we can do to help you.