CyberRail, meaning no one knows anything

In the fall of last year, railway connections from Wrocław to Świdnica via Sobótka were to start. The inhabitants of Wrocław know what this connection is and why it is so “iconic” – especially for (formerly) young people. I went for a walk and have a look, these are the newly built stops:

Photo: Stary Wrocek, 29-04-2022

The delay is considerable, but I have no complaints about it. There was a lot of work and delays can happen with such large projects. Well, you might not have promised such optimistic terms, but in politics – as we all know – everyone has to promise otherwise they will be mistaken for a loser.

There is, however, a more serious matter: cybersecurity in the rail sector.

The Standing Committee of the Council of Ministers recently (at the end of March) approved the draft of a new one amendment the Act on the National Cybersecurity System. IN “Justification of the Amendment …“Of March 15, 2022 we read (my emphasis):

The act, shaping the national cybersecurity system, made it possible to start work on its further development. The experience gathered during the two years of operation of the system in Poland shows the need to introduce solutions that require changes at the statutory level.
(….)
In the context of increasing the level of cybersecurity, the issue of access to expert knowledge on cyber threats is of key importance. So far, only one information exchange center between entities of the national cybersecurity system has been established in Poland – ISAC (Information Sharing and Analysis Center)
.

By the way, I got the opinion of one of the most prominent (very well-known) lawyers – a constitutionalist regarding this amendment. I love when lawyers speak up on cybersecurity matters. They prove effectively that they don’t understand what’s going on. But that’s a topic for another note.

One of the earlier amendments to the Act on the National Cybersecurity System was introduced possibility (but not the obligation) to create the so-called Sectoral ISAC. The information exchange center mentioned in “Justification of the amendment … “is” ISAC-Kolej “- formed within the structures of the railway sector.

October 26, 2020 of the year, PKP SA published a message in which we read (my emphasis):

Railway companies together with the Railway Institute and NASK – the National Research Institute signed an agreement on the establishment of the ISAC-Kolej Information Exchange and Analysis Center. This is the first venture of this type in Poland.
The main goals behind the establishment of ISAC – Railway (ISAC – Information Sharing and Analysis Center) is the constant exchange of knowledge and experience in the field of cybersecurity incidents between the entities participating in the project. Such action will contribute to increasing the level of safety in rail transport through the development of consistent standards, good practices, policies and procedures in this area. and will improve cooperation with national and international cybersecurity teams.
(…)
The initiative is also of key importance for the operation of the entire railways, as it contributes to increasing the resistance to cyber threats of ICT systems used by rail transport. Increasing the level of IT security will contribute to increasing the overall safety of the critical rail infrastructure, which includes railway line management, passenger and freight transport.

Source: https://www.pkp.pl/pl/pkp-aktualnosci/2800-grupa-pkp-zwieksza-poziom-cyberbezpieczenstwa

So, journeys from Wrocław to Świdnica (and back) are (will) also be of interest to railway cybersecurity experts. I think so and it should be …

The railway entities involved in the creation of ISAC-Kolej include:
•    PKP S.A.
•    PKP Intercity S.A.
• PKP CARGO SA
• PKP Informatyka Sp. z o. o
• PKP Linie Hutnicza Szerokotorowa Sp. z o. o
• PKP Szybka Kolej Miejska w Trójmieście Sp. z o. o
• PKP Polskie Linie Kolejowe SA

On the occasion of the establishment of ISAC-Kolej, the Minister of Infrastructure took the floor:

The signing of the ISAC-Kolej agreement is an important step towards strengthening cybersecurity in the railway sector, which is one of the strategic branches of the economy. That is why I am so happy that railway companies have taken the initiative in this regard. Ensuring the security of ICT networks in the modern world is the basis and an important area of ​​cooperation, especially since the number of incidents and attacks on them is constantly growing

Source: https://cyberpolicy.nask.pl/aktualnosci/powolano-isac-kolej/

The then Deputy Minister of State Assets – Janusz Kowalski also took the floor:

The signed agreement is a significant step towards increasing the security of ICT networks in the entire railway industry. It is also proof that companies from the PKP Group attach great importance to the prevention and fight against cybercrime, thus ensuring greater security of transport and the functioning of the infrastructure. Thanks to such initiatives, passengers of Polish trains can travel with a sense of security


Source: Salon24.pl: Strona główna by www.salon24.pl.

*The article has been translated based on the content of Salon24.pl: Strona główna by www.salon24.pl. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!