Safeguarding Critical Railway Infrastructure with Advanced Cybersecurity Solutions
OT Railway Cybersecurity (OTCS)
Course overview
We offer a one-day workshop, or 6 week modular online course, for engineers, managers and other rail decision makers to learn about the new TS50701 standard. The workshops will help attendees expand their knowledge and make better decisions around the standards and their application in the area of railway cyber security.
This course is based upon the new railway cyber security specific CENELEC standards, TS50701 and best practice from other OT and IT Cyber security standards such as ISO27001, IEC 624423 and the Australian Standard® AS 7770 Rail Cyber Security.
Our CENELEC training provides a complete overview of the important standards, with well-structured presentations and frequent discussion sessions ensuring that attendees get the most from participating.
The railway sector is facing a new challenge: the Network Information Security (NIS) regulations. According to a 2020 survey by the European Union Agency for Cybersecurity (ENISA), only 33% of rail operators of essential services (OES) have fully implemented defensive measures against cyber-attacks, as recommended by NIS regulations. This places their software under serious threat – not to mention their compliance with regulations. When security breaches occur the ripple effect throughout an organisation can be vast, with implications that are both financial and personal. There may also be implications concerning system safety and resilience.
This course is an introduction to the major themes of cyber security and will start you on a journey to the creation of a secure rail operation. You will be able to communicate effectively, make informed trade-offs, assess risk, improve defences, and reduce vulnerabilities in your systems.
The course content is mapped to:
• Industry standard competencies, skills and evidence requirements relevant to rail safety work (see our website for details)
• Industry regulations
• National and international standards
Information is interspersed with practical exercises. There is a short multiple-choice examination at the end to assess the identified learning outcomes.
Key Benefits
- Understanding Cybersecurity Context: Learn the importance of cybersecurity within the railway sector.
- Identifying and Mitigating Threats: Discover how to spot vulnerabilities and implement effective countermeasures.
- Mastering Standards: Get acquainted with key standards like IEC63452,
TS50701, and IEC62443, crucial for managing OT cybersecurity. - Applying Comprehensive Knowledge: Deepen your understanding of how these standards can be applied to enhance cybersecurity across the
railway network.
This training in Rail OT Cybersecurity has been given to the following companies:
Abello, Knorr Bremse, Hitachi, Downer Rail, and others.
Course Outline
Day 1: Core Concepts and Real-World Applications
MODULE 1: Introduction to Cybersecurity in Railway Systems
Overview of cybersecurity principles and their relevance to rail.
MODULE 2: Cyber Security Incidents
Case study analysis of significant cybersecurity incidents.
MODULE 3: Cyber Security Standards and Schemes
Detailed look at important standards influencing the industry.
MODULE 4: Cybersecurity within a Railway Application Lifecycle
Practical application of cybersecurity measures throughout system lifecycles.
Day 2: Advanced Implementation and Case Studies
MODULE 5: Detailed Risk Assessment and Cybersecurity Requirements
Advanced techniques for establishing cybersecurity frameworks.
MODULE 6: Cybersecurity Assurance and System Acceptance
Steps for validating and accepting cybersecurity measures.
MODULE 7: Legacy Systems and Secure Design
Strategies for managing cybersecurity in legacy systems and implementing secure
design principles.
MODULE 8: Conclusions and Practical Examination
Summary of key concepts and a test to evaluate participants’ understanding.
Case Studies
Participants will engage with four detailed case studies throughout the workshop:
• Comprehensive Security Programme: Overview of establishing a full-scale cybersecurity program.
• Rolling Stock Case Study for Legacy Vehicles: Challenges and solutions in securing legacy railway vehicles.
• Developing Secure Devices: Best practices in the design and development of secure railway devices.
• Using Current Standards to Develop Signalling Systems (e.g., ERTMS): Applying standards like ERTMS to enhance signalling systems’ security.
Course Directors
Howard Parkinson
Dr Howard Parkinson is a Chartered Engineer contributing to global standards in railway safety, software and systems engineering. With over 20 years of international experience, he has held senior roles in signalling, rolling stock, infrastructure, and railway systems, including Systems Assurance Manager and Head of Systems Engineering and Safety. His expertise spans metro, tram, and heavy rail, with a focus on safety, compliance, and reliability.
A Fellow of the Institution of Mechanical Engineers (FIMechE) and a member of the Institution of Railway Signal Engineers (MIRSE), Howard holds a doctorate in Mechanical and Aeronautical Engineering from the University of Manchester. Alongside consultancy and research, he delivers specialised training in engineering, safety, risk management, European interoperability, and railway legislation.
Who Should Participate
This course is designed for those involved in the operational security and safety of railway systems, including:
• Railway Business Leaders and Managers
• Railway Inspectors and Legislators
• Safety Professionals and Planners
• IT Professionals and Resilience Specialists
• Railway Engineers
Fundamental Level Recommended Prerequisites
Participants should have a general understanding of engineering and project management principles and practices.
Course Requirements and Certificates
Delegates must meet two criteria to be eligible for an Informa Connect Academy Certificate of Completion:
• Satisfactory attendance – Delegates must attend all sessions of the course. Assessments will be ongoing and based on in-class participation and activities.
If delegates have not attended all sessions, the certificate will clearly state the number of hours attended. In-person delegates will receive a printed certificate and virtual delegates will receive a digital certificate.
Course Availability
Public Course dates TBA.
The below video is an introduction to the Rail OT Cyber Security software, it is currently being revamped and it will be available in May in a blended format.
