Understanding the emerging and constantly evolving threats to the rail is critical to ensure that we provide an efficient and responsive technical solution for the services we operate. We operate within a number of frameworks, most significantly the Network Information Systems (Directive) provided to Operators of Essential Services (OES), and we also feed in elements of both ISO27001 and NIST. The Department for Transport, in conjunction with the National Cyber Security Centre, encourages a mature cybersecurity posture, and closely monitor and assess our assurance levels.
This approach challenges us constantly and places high demands on our enterprise to deliver and maintain a strong cybersecurity posture. Understanding where any actual or potential weaknesses are helped directly apply our resources to protect our systems and maintain confidentiality, integrity, and availability. Often overlooked, recognizing where we have achieved success has also helped to justify continued and future spending to senior management by assuring them that a proactive cybersecurity strategy is worth the investment.
The penetration testing has provided a great deal of insight and visibility into areas that needed improvement while assuring other areas where the business had demonstrated some good practices. The results were well presented via the Platform with the context that allowed the team to define the risk, and if any action would be needed to mitigate or reduce those risks. The level of expertise was fantastic, with identified areas supported by impacts and potential solutions.
Overall, West Midlands Trains are very satisfied with their investment in the SureCloud tech-enabled services and have already recommended SureCloud to a number of partners based on the work conducted. West Midlands Trains are passionate about managing an effective cybersecurity program and the business will continue to work with SureCloud in the future.