The increased risks to light rail operations from cyber-attacks and similar IT threats have been highlighted during recent presentations by the Office of Road and Rail (ORR) to senior sector professionals.

Over the past few months, UKTram has been working with the ORR to raise awareness of the importance of cyber security and the measures needed to protect against a range of criminal activities designed to disable computer systems or steal data.

With their complex IT infrastructure, transport networks provide a tempting target for both hostile foreign agents and criminal gangs, and, as a result, tramways and similar transit systems need to ensure they do all they can to protect themselves.

James Hammett, UKTram Managing Director, explained: “Operators are already required to protect their IT systems under the Network & Information Systems Regulations 2018 (NIS Regs), but light rail operators need to consider the wider impacts of any attacks.

“While the ORR is not responsible for enforcing the legislation, it does expect duty holders to manage the health and safety risks that may result from cyber security failures – for example, overcrowding and signaling failures.”

While physical and cyber security risks are different in detail, the ORR says they are closely related and need to be considered in combination. As a result, operators should manage cyber threats in the same way as any other risk as part of their safety management system.

James added: “We are grateful to the ORR for sharing their insights with us during a presentation to one of our working groups and will continue to work with them to raise awareness of this increasingly important issue.”

Further information on ways rail and light rail operators can protect against cyber-attacks is available here.