Q: What do you feel are the main issues or trends relating to rail cyber security and what does the future look like?
A: Rail cybersecurity faces challenges. Strong standards exist (e.g. IEC 62443) but translating them into practical project plans needs work. Funding is another hurdle, with both manufacturers and operators needing a long-term view on security investment. Finally, robust software lifecycle management (maintenance, updates, configuration) is crucial for long-term security, requiring clear plans in contracts.
The future? It would be preferable if we could build security requirements built into systems from the start, with lifecycle plans ensuring long-term security. It's complex, but it is achievable.
Q: If you could change one thing about the rail cyber security landscape, what would it be?
A: That’s a hard question. I think it would be to bring people up to a common level of understanding of the challenges faced, because security is not confined to a single part of the rail industry. There are security aspects to virtually all activities that concern the design, supply, operation and maintenance of rail assets. You can really only effect significant change if there’s broad understanding and buy-in from a wide range of stakeholders. I don’t really see that common understanding present today.
Q: What do you enjoy most about working in the rail industry?
A: It’s probably two things in equal measure. The first is I enjoy being part of a large and complex engineering effort, it’s cool to see trains running that you’ve been involved in equipping. I’m an engineer after all, making things is what it’s all about! But second is the environmental aspect. I'm proud to be contributing to an industry that makes a positive impact on the world, whether in urban mobility, for long-distance travel, or for freight. I’m a bit of a transport geek too, which helps! Cars and planes are great (I’ve worked on both in my career so far) but we need to be using them far less than we are today; trains (and bikes!) are better and we should be using them far more.
Q: What is one thing on your bucket list that you still want to do?
A: I don’t really have a bucket list! But I would really love to have the time one day to take on a major long-distance cycle tour and I’ve still never been to South America. So maybe combine the two, and cycle South America from top-to-bottom, that would be pretty awesome!
