• Home
  • Projects
  • Cyber security uplift project for a Victorian based rail organisation
Shutterstock 1334089148 Cut

Cyber security uplift project for rail organisation

Customer requirement 

Current trends in the rail sector suggests cyber-attacks on railways are doubling annually. These attacks are not only targeting core IT systems, but operational systems and connected rail hardware that can result in substantial financial, operational and reputational losses as well as significant safety risks.

A rail organisation in the State of Victoria, Australia, had a requirement for a cyber security uplift for their operational and train control systems (OCS/TCS), aimed at mitigating cyber security vulnerabilities in these critical rail networks

 

Ricardo solution

Ricardo worked with the NCC Group to assess the current network setup, identifying boundary limits, evaluating data flows and providing recommendations for segmentation and security controls. This resulted in a detailed recommendation report and functional specification, enabling the customer to strengthen its cyber security framework while maintaining uninterrupted operations of its rail services.

A key challenge was upgrading the OCS/TCS network without disrupting the safety-critical rail operations. The existing network’s boundary limitations and complex data flows required careful examination to ensure that any cyber security enhancements were implemented seamlessly.

Another challenge was ensuring coordination between the client’s internal stakeholders and external parties to collect essential data, all while maintaining confidentiality of sensitive information. The team needed to provide a robust cyber security solution that minimised operational disruptions while addressing the vulnerabilities within the existing network infrastructure.

 

Customer benefit

With the support of Ricardo's cyber security experts, the client saw significant improvements to their OCS/TCS network security. Ricardo and NCC Group’s comprehensive assessment identified vulnerabilities and provided targeted recommendations for network segmentation, flow restriction, and enhanced security controls.

The final recommendation report and functional specification laid the foundation for the client to progressively implement the necessary cyber security measures, including improvements to data confidentiality, integrity, and overall network resilience. As a result, the client has been able to secure essential infrastructure while maintaining operational efficiency

Client

Victorian based rail operator

Start and end dates

09/2024 - 10/2027

Location

Victoria, Australia

Related case studies

View all case studies

Climate Finance Accelerator Programme

Read case study

Review of Schedule D of the Murray-Darling Basin Agreement

Read case study

Cyber risk assessment for new Hong Kong signalling system

Read case study