20 May 2015
There have been a number of articles in the media recently highlighting the potential risks arising from implementing the European Rail Transport Management System (ERTMS) in the UK. ERTMS is the system that replaces traditional mechanical signalling systems with IP-enabled systems.
The benefits of implementation are clear as it:
Of course, if the control systems are managed across an IP network that is ultimately connected to the Internet, then there is a risk of compromise. The potential exists for someone to attempt to break in, whether they are hobbyist hackers, disaffected rail users or state-sponsored terrorists. The BBC recently quoted Professor David Stupples of City University pointing out that a hacker could cause a “nasty accident” or “major disruption.”
The vulnerabilities that could compromise ERTMS also threaten control systems managing infrastructure across the world, yet incidents to date have been few and far between. Furthermore, control systems are not the only business management systems under threat, as the ever-growing reach of the Internet of Things (IoT) and Bring Your Own Device (BYOD) policies provide just as great a potential challenge.
Yet these threats and risks can all be mitigated. Good design lies at the heart of good security. While the ERTMS system is already complete, we do still have the opportunity to make sure the design of the systems around it and the way that people interact with them is effective.
An effective cyber security programme needs to be holistic; to consider risk from an organisational perspective. In this context, considering the risks to control systems as well as traditional enterprise IT is absolutely critical.
It also needs to consider employees and employee behaviours. Professor Stupples pointed out the potential impact of a disaffected employee taking maleficent action, yet in reality the consequences of discovery will be a significant deterrent to most. The greater risk is the prospect of unwitting employee behaviours resulting in vulnerabilities that could be exploited by outsiders. An assessment of employee risk should be used to identify particular areas of risk and specific targets for training. Comprehensive communications and training programmes can support this.
Ultimately, we can’t step away from building a more modern, efficient and effective infrastructure out of fear of the consequences. Avoiding a major security breach is a matter of careful threat and risk assessment, thorough vulnerability analysis and implementation of a planned programme of mitigation and protective measures. By embracing this approach we can safely leverage the benefits of implementing the most modern technology.