Ravinn has proven experience in the Transportation and Rail industry, specifically having been involved in the development of the Australian Rail Cyber Security Standards through the Rail Industry Safety Standards Board (RISSB) Australia (see case study here). As such we were engaged to provide specialist compliance services to a Railway Organisation supporting the design and development of systems for a large-scale rail project across Southeast Queensland.
Due to the complex nature of the project, our team worked with the client for 12 months to ensure that the system being considered for implementation would meet the extensive requirements needed for a successful delivery. We conducted review and design uplift activities to ensure that a robust and resilient design was put forward that exceeds the security level targets for the system under consideration against the many regulatory frameworks, standards and best practices governing the deployment of Operational Technologies within the Critical Infrastructure space.
Key Outputs
-
Uplift of existing design packages providing risk mitigation and management of control verification using a repeatable and streamlined approach.
-
Delivery of system design packages for testing and production environment systems including Factory and Site Acceptance and Integration testing regimes.
-
Validation of security requirements against ISA/IEC 62243-2-1, 3-2 and 3-3 ensuring the system is capable of meeting its desired security level targets for each zone.
Challenge
Engineering projects involve many layers of compliance and complexity especially when there is a convergence of infrastructure between traditional Operational Technologies and Information Technologies. This interconnectivity provides many advances in service design and delivery however this also creates opportunities for new threats and vulnerabilities to emerge. Traditional in-house technologies once dominating the OT realm are becoming more streamlined with common place applications, protocols and products being offered by many vendors that leverage advances such as Artificial Intelligence and Cloud computing technologies.
This blended environment of OT and IT technologies requires unique understanding of the challenges faced in order to provide a secure, robust and resilient system capable of withstanding the most advanced threats. In a rail project, safety of personnel is paramount; for context, Critical Infrastructure security is reliant on providing consistent availability and integrity of services more so than the confidentiality of the underlying service. Albeit confidentiality is still important however specialist care and attention to detail is required to ensure that security controls applied to an environment do not negatively impact on the availability of critical safety implementation systems and services.
Choosing Ravinn
-
Industry Standardised. Our team are experienced in the Critical Infrastructure space and understand your requirements under the SOCI Act to uplift your Cyber Security Management System in line with ISA/IEC 62443 Cyber Security requirements.
-
Risk-based. Every organisation is different, understanding your unique operating environment and those real and relevant threats specific to your organisation should set the context by which your target security levels are estimated and met.
-
Realistic. Achieving security level targets prescribed within ISA/IEC 62443 is not a one size fits all approach and requires a tailored and considered effort. Our team works to your environment and provides considered solutions to your organisational processes and technologies to reduce complexity.
- Proven Ravinn has proven experience in the Transportation and Rail industry, with a key role in the development of the Australian Rail Cyber Security Standards through the Rail Industry Safety Standards Board (RISSB) Australia.