transport-cybersecurity.com
217.26.53.20  Public Scan

URL: https://transport-cybersecurity.com/
Submission Tags: phishingrod
Submission: On May 03 via api from DE — Scanned from CH

Form analysis 0 forms found in the DOM

Text Content

CYBERSECURITY TRAINING FOR THE TRANSPORT AND LOGISTICS INDUSTRY



Transport cybersecurity

Cyber Risk GmbH is monitoring the cybersecurity developments in three major
areas:

1. The commercial and private aviation industry.

2. The railway industry.

3. The maritime industry.

--------------------------------------------------------------------------------

Cybersecurity challenges in the commercial and private aviation, the railway
industry and the maritime industry.

In the European Union, we have two major developments:

- the Network and Information Security Directive (NIS 2), that replaces and
repeals the NIS Directive (Directive 2016/1148/EC). NIS 2 will improve
cybersecurity risk management and will introduce reporting obligations across
sectors such as energy, transport, health and digital infrastructure.

In Annex I (Sectors of High Criticality), we find that the transport sector
(air, rail, water and road subsectors) is in the scope of the NIS 2 Directive.

- the Critical Entities Resilience Directive (CER). It covers 11 sectors:
energy, transport, banking, financial market infrastructures, health, drinking
water, wastewater, digital infrastructure, public administration, space and
food.


In the USA, President Biden signed into law the Cyber Incident Reporting for
Critical Infrastructure Act of 2022 (CIRCIA). Enactment of CIRCIA marks an
important milestone in improving America’s cybersecurity by, among other things,
requiring the Cybersecurity and Infrastructure Security Agency (CISA) to develop
and implement regulations requiring covered entities to report covered cyber
incidents and ransomware payments to CISA. These reports will allow CISA to
rapidly deploy resources and render assistance to victims suffering attacks,
analyze incoming reporting across sectors to spot trends, and quickly share that
information with network defenders to warn other potential victims.

CIRCIA includes a number of requirements related to the required reporting and
sharing of covered cyber incidents, to include the following:

- Cyber Incident Reporting Requirements: CIRCIA requires CISA to develop and
issue regulations requiring covered entities to report to CISA any covered cyber
incidents within 72 hours from the time the entity reasonably believes the
incident occurred.

- Federal Incident Report Sharing: Any federal entity receiving a report on a
cyber incident after the effective date of the final rule must share that report
with CISA within 24 hours. CISA will also have to make information received
under CIRCIA available to certain federal agencies within 24 hours.

- Cyber Incident Reporting Council: DHS must establish and chair an
intergovernmental Cyber Incident Reporting Council (Council) to coordinate,
deconflict, and harmonize federal incident reporting requirements.

CIRCIA additionally authorizes or requires a number of initiatives related to
combatting ransomware, to include the following:

- Ransom Payment Reporting Requirements: CIRCIA requires CISA to develop and
issue regulations requiring covered entities to report to CISA within 24 hours
of making any ransom payments made as a result of a ransomware attack. CISA must
share such reports with federal agencies, similar to above.

- Ransomware Vulnerability Warning Pilot Program: CISA must establish a pilot to
identify systems with vulnerabilities to ransomware attacks and may notify the
owners of those systems.

- Joint Ransomware Task Force: CISA has announced the launch of the Joint
Ransomware Task Force in accordance with the statute to build on the important
work that has already begun to coordinate an ongoing nationwide campaign against
ransomware attacks. CISA will continue working closely with the Federal Bureau
of Investigation and the National Cyber Director to build the task force.


Russia’s invasion of Ukraine has changed the cybersecurity landscape and has
created new cybersecurity threats across the world. The US Cybersecurity &
Infrastructure Security Agency (CISA) has warned all organisations that it’s
time to put “shields up.” In the UK, the National Cyber Security Centre (NCSC)
has cautioned British organisations about the heightened risk of attacks, asking
them to strengthen their defences.

According to the European External Action Service (EEAS) which is the European
Union’s diplomatic service: "This war will force us to increase our defence
spending. We need to spend more but above all to spend better, i.e. jointly.
Some member states, such as Germany, have already taken important new measures
in this area with €100 billion additional defence spending in 2022 and an
increase of the defence budget to above 2 % of GDP from 2024. This must be the
case everywhere where defence spending is still too low."

According to Heraclitus, "War is father of all, and king of all". It sounds true
for railway cybersecurity, and so many "nice to have" projects have become
"must have".


Our training programs

Cyber Risk GmbH is offering training programs in some difficult areas, like the
new NIS 2 Directive of the European Union that changes the compliance
requirements of many entities in the transport sector (air, rail, water and road
subsectors), and programs that assist the Board of Directors and the CEO in
understanding cybersecurity challenges.

The Board of Directors and the CEO of entities in the transport sector must
understand that they are high value targets. For them, standard security
awareness programs are not going to suffice. The way they are being targeted is
anything but standard or usual. They are the recipients of the most
sophisticated, tailored attacks, including state-sponsored attacks. These are
attacks that are often well planned, well crafted, and employ advanced
psychological techniques able to sway a target towards a desired (compromising)
behavior without raising any alarms.

Countries expand their global intelligence footprint to better support their
growing political, economic, and security interests around the world,
increasingly challenging existing alliances and partnerships. They employ an
array of tools, especially influence campaigns, to advance their interests or
undermine the interests of other countries. They turn a power vacuum into an
opportunity.

Countries use proxies (state-sponsored groups, organizations, organized crime,
etc.) as a way to accomplish national objectives while limiting cost, reducing
the risk of direct conflict, and maintaining plausible deniability.

With plausible deniability, even if the target country is able to attribute an
attack to an actor, it is unable to provide evidence that a link exists between
the actor and the country that sponsors the attack.


Our training programs for the commercial and private aviation industry.

Cybersecurity training for the commercial and private aviation

Cybersecurity training for the Board of Directors and the CEO in the commercial
and private aviation

NIS 2 Directive Training for the commercial and private aviation


Our training programs for the railway industry.

Cybersecurity Training for the Railway Sector.

The NIS 2 Directive as it applies in the Railway Sector.

Cybersecurity Training for the Board of Directors in the Railway Sector.


Our training programs for the maritime industry.

Maritime Cybersecurity Training.

The NIS 2 Directive as it applies in the maritime industry.

Cybersecurity Training for the Board of Directors in the maritime industry.

--------------------------------------------------------------------------------