Cybersecurity Analysis is a US-based consultancy providing standards-based cyber-security services to agencies and organisations in the rail (freight and passenger), oil and gas, and pipeline sectors.
The company supplies cyber-security services for transit agencies, ensuring applications such as signalling and communications systems are comprehensively reviewed and protected.
Strategic and tactical services for cyber-security risk management
Cybersecurity Analysis fulfils a wide range of cyber-security needs, focusing on the specific risk management challenges inherent in automated control systems, such as industrial or supervisory control and data acquisition systems.
The company helps its clients to build bridges between management, IT, operations and police employees.
It also helps clients to identify and mitigate plausible risks to automation systems, such as positive train control (PTC), communications-based train control (CBTC), automatic train supervision (ATS), and vital systems.
Cybersecurity Analysis offers a range of standards-based services to address the most challenging cyber-security issues. The company’s expertise is with ISO, NIST, APTA, ISA, and IEC standards.
Cybersecurity Analysis’s services cover the following:
- Cybersecurity strategy: selecting a standards-based risk management approach that meets industry best practices and is tailored to clients’ needs
- Governance: defining appropriate processes, checks and balances to keep cyber-security programmes on track
- Risk and vulnerability assessment: providing consistent results by factoring in the likelihood and impact of potential security breaches.
- Defensive architecture: designing defensive architectures to address ever-evolving threats.
- Remediation project: defining and managing projects that remediate security gaps.
Wayside, OCC, signals and communications
Cybersecurity Analysis is a leader in rail cyber-security risk management.
The company understands safety operation-critical systems, having shaped the APTA recommended practices for cyber-security.
Unlike enterprise-only firms, Cybersecurity Analysis understands that cyber risk management comprises both information protection and operational safety concerns. The solutions must address technical issues, processes, and behaviours.
Cyber-security breach prevention
Cybersecurity Analysis addresses security breaches, such as those reported by the DHS, Transportation Security Administration (TSA), the US Computer Emergency Readiness Team (US-CERT) and their Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Cyber-security issues and rail-specific risks
Cybersecurity Analysis’s solutions can help defend its clients from threats performed by hackers. These include signal tampering, vehicle control manipulation, theft of confidential human resources or revenue information, and defacement of announcement boards, websites, or public address systems.
Cybersecurity Analysis is equipped to combat rail-specific challenges, such as geographically dispersed equipment and vulnerable rights-of-way, for vendors and regulators directly connected to railroad IT systems.
Consistent, customisable solutions for rail companies
Cybersecurity Analysis has expertise in systems that control equipment, communications, and signalling. The company uses this knowledge to identify the ‘weak spots’ where processes and IT systems converge.
The company works in tandem with IT departments, as well as signals and communications personnel, to address specific operational challenges.
Cybersecurity Analysis trains its clients’ staff, highlighting each person’s critical role in creating a cyber secure operation. The company aims to create a self-sustaining cyber-security risk management culture for its clients.
Robust cyber-security risk management for rail agencies
The company addresses enterprise systems for HR, revenue collection systems, scheduling, public relations, investor relations, financial and customer information, logistics, supply-chain, legal, office management, real estate, physical security, and police operations.
Cybersecurity Analysis also addresses operational systems, including dispatch, operations control centre (OCC), maintenance yards, communications and control systems, signalling, radio communications, traction power, vital systems, safety-critical systems, operationally-critical systems, CCTV, PTC, CBTC, AVL, fire and life-safety systems, and any other unusual exposures that the operation may have.