Name: Cybersecurity in rail: Protecting the industry's biggest assets
Uploaded: 2023-11-03T02:27:58.552Z
Duration: 276.88
Description: Join key cyber director from the Department of Home Affairs, Shilpa Maniar, as she shares the keys to protecting critical cyber infrastructure in the rail industry. Shilpa explores the unique challenges of safeguarding operational technology, communication systems, and how to manage the risks around that.

Shilpa Maniar 2.mp4

Shilpa Maniar.vtt

Subtitles

{{00:00:11}}
Cyber criminals don't discriminate.

{{00:00:13}}
They will target any vulnerability.

{{00:00:15}}
So if you think about the criticality
of the rail sector, the rail sector

{{00:00:22}}
provides high volume passenger services.

{{00:00:26}}
It provides critical, commercial supply
chain services, which makes it a high

{{00:00:31}}
value target for criminals, terrorists,
maligned foreign actors and other

{{00:00:37}}
malicious elements seeking to do harm.

{{00:00:40}}
The entire rail network really
is an asset, but if you think

{{00:00:51}}
about some of the key things that
might be a particular target.

{{00:00:54}}
The increasing use of operational
technology, communication systems,

{{00:01:01}}
distribution of other critical
infrastructure in Australia.

{{00:01:06}}
So distribution of critical
fuel supplies, for example.

{{00:01:09}}
These are all of the things that
we need to think about and that's

{{00:01:12}}
not even starting to think about,
automated ticketing and booking

{{00:01:17}}
systems which hold high volumes
of personal data, financial data.

{{00:01:22}}
These are all the types of issues
that are unique to the rail

{{00:01:27}}
sector that need to be considered.

{{00:01:36}}
The Department of Home Affairs is, and
the Cyber and Infrastructure Security

{{00:01:40}}
Centre in particular is a regulator.

{{00:01:43}}
A best practice regulator
and a partner with industry.

{{00:01:46}}
We do have a regulatory framework that's
designed to uplift prevention and response

{{00:01:53}}
activities across private industry,
but we also partner with industry to

{{00:01:59}}
give them the tools that they need.

{{00:02:01}}
So for example in our legislation,
the security critical infrastructure

{{00:02:06}}
act, we have what's called the
critical infrastructure risk

{{00:02:09}}
management program obligation.

{{00:02:11}}
And that acknowledges that businesses
are best placed to understand the

{{00:02:16}}
risks to their business and are best
placed to consider what mitigations

{{00:02:21}}
are appropriate to manage those risks.

{{00:02:24}}
But how we support that is we
have a number of channels where we

{{00:02:29}}
share information on   the latest
trends, risk advisories, alerts.

{{00:02:36}}
So those channels include
our website, www.cisc.gov.au.

{{00:02:43}}
We're also on social media on Twitter
and LinkedIn where we distribute

{{00:02:47}}
a lot of our alerts and products.

{{00:02:56}}
Obviously the greater cyber surface
area you have, the greater level

{{00:03:01}}
of cyber risk and the different
risks that you need to consider.

{{00:03:05}}
But that doesn't mean that you
should shy away from new technology.

{{00:03:09}}
Really it's a matter of understanding
what those risks are and  implementing

{{00:03:15}}
appropriate mitigations where you can to
eliminate risk, but where you can't to

{{00:03:21}}
mitigate and to consider what will you do,
should that risk be realized to mitigate

{{00:03:29}}
the possible impacts of those risks.

{{00:03:39}}
Absolutely.

{{00:03:39}}
Connect with us.

{{00:03:40}}
Connect with us on social media.

{{00:03:43}}
Join the TISN, Trusted
Information Sharing Network.

{{00:03:47}}
Speak to an outreach officer.

{{00:03:48}}
So we operate a network of cyber and
infrastructure security outreach officers

{{00:03:52}}
that are located in Brisbane, Perth,
Melbourne, Adelaide, and Sydney, and they

{{00:03:58}}
service all of the states and territories.

{{00:04:00}}
They work very closely with
business, particularly the critical

{{00:04:04}}
infrastructure owners and operators
and their supply chain entities to

{{00:04:09}}
provide information on cyber uplift.

{{00:04:14}}
The Australian Cyber Security
Centre also has a partnership

{{00:04:17}}
program and there are resources
available on both www.cyber.gov.au

{{00:04:25}}
as well as www.cisc.gov.au.

So if you think about the criticality
of the rail sector, the rail sector

It provides critical, commercial supply
chain services, which makes it a high

value target for criminals, terrorists,
maligned foreign actors and other

The entire rail network really
is an asset, but if you think

about some of the key things that
might be a particular target.

The increasing use of operational
technology, communication systems,

distribution of other critical
infrastructure in Australia.

So distribution of critical
fuel supplies, for example.

These are all of the things that
we need to think about and that's

not even starting to think about,
automated ticketing and booking

systems which hold high volumes
of personal data, financial data.

These are all the types of issues
that are unique to the rail

The Department of Home Affairs is, and
the Cyber and Infrastructure Security

A best practice regulator
and a partner with industry.

We do have a regulatory framework that's
designed to uplift prevention and response

activities across private industry,
but we also partner with industry to

So for example in our legislation,
the security critical infrastructure

act, we have what's called the
critical infrastructure risk

And that acknowledges that businesses
are best placed to understand the

risks to their business and are best
placed to consider what mitigations

But how we support that is we
have a number of channels where we

share information on   the latest
trends, risk advisories, alerts.

So those channels include
our website, www.cisc.gov.au.

We're also on social media on Twitter
and LinkedIn where we distribute

Obviously the greater cyber surface
area you have, the greater level

of cyber risk and the different
risks that you need to consider.

But that doesn't mean that you
should shy away from new technology.

Really it's a matter of understanding
what those risks are and  implementing

appropriate mitigations where you can to
eliminate risk, but where you can't to

mitigate and to consider what will you do,
should that risk be realized to mitigate

Join the TISN, Trusted
Information Sharing Network.

So we operate a network of cyber and
infrastructure security outreach officers

that are located in Brisbane, Perth,
Melbourne, Adelaide, and Sydney, and they

service all of the states and territories.

They work very closely with
business, particularly the critical

infrastructure owners and operators
and their supply chain entities to

The Australian Cyber Security
Centre also has a partnership

program and there are resources
available on both www.cyber.gov.au

Connect Rail

Expert Insight

Join key cyber director from the Department of Home Affairs, Shilpa Maniar, as she shares the keys to protecting critical cyber infrastructure in the rail industry. Shilpa explores the unique challenges of safeguarding operational technology, communication systems, and how to manage the risks around that.