Armando Mancheño Pita

Senior Consultant, Cyber Security

Rail Systems Australia

Armando is a Chartered Engineer, and GICSP and GCCC certified cyber security professional with over ten years’ experience in the rail sector. He has been involved in railway communications and SCADA in Spain and in the UK and, in 2017, he was appointed Senior Cyber Security Analyst at Transport for London (TfL) in the UK. During his time at TfL, Armando carried out the role of cyber security lead and advisor for the Crossrail project. His knowledge and experience in rail communications and rail systems helped him to analyse and recommend appropriate, proportionate and cost-effective cyber security controls covering all aspects of the system lifecycle. Armando has a wealth of experience in rail communications, SCADA and cyber security and has carried out roles as designer, project engineer and asset engineer.

Real-world cyber security challenges in rail systems

The use of standardised technology and interconnecting systems has increased in the Operational Technology (OT) realm in the last twenty years. This brings about great benefits such as cost reduction, interoperability and operational and asset management efficiency however, it comes at a price: the risk of cyber-attacks.

There are international standards and guides that define and advise how to build a cyber security capability. These documents cover a wide range of topics and can be eye-opening for organisations to realise that cyber security is not limited to technical controls. People and processes are also part of the equation.

But what are the real-world challenges that organisations face to implement and maintain a cyber security capability? This paper addresses this issue focusing on rail systems and taking as reference the National Institute of Standards and Technology (NIST) cyber security framework.