COUNTRY FOCUS : BELGIUM
“
NO SECURITY PROGRAMME CAN SUCCEED WITHOUT THE SUPPORT OF ALL STAFF . TECHNOLOGY ALONE WILL NOT SAVE US .
Can you give us an overview of the company and why having a robust cybersecurity culture is important ?
Our staff , the Freight Force , is about 2,100 people strong . It consists of two large groups . On the one hand , there are the employees working in an office environment . They are used to working with computers on a daily basis . On the other hand , we have a lot of ground personnel and drivers who spend their day outside in the field and only use mobile devices . We see a different level of cybersecurity awareness between and within these groups . Where maturity is lagging , we take action to catch up . Their daily job consists of being in the field . They are only using mobile devices . The difference in cybersecurity maturity between both groups is a fact .
That ’ s not to say office staff are cybersecurity experts . The train business as a whole is lagging behind from that perspective and a catch-up is certainly necessary . That low cybersecurity maturity of our human capital is indeed dangerous . No security programme can succeed without the support of all staff . Technology alone will not save us . That ’ s why we are heavily focusing on creating cybersecurity awareness across all levels of the company .
As Europe ’ s largest private rail freight operator , how vital is it for Lineas to ensure the availability and security of operations at all times ?
We often play a crucial role in the supply chain of our customers . If our IT systems stop working , that immediately has a knockon effect on the ground , impacting our trains and our customers . We simply cannot afford any downtime .
What are some of the common cyberattacks you witness within the transport industry and how do you ensure you can protect against these ?
We have not experienced any specific attacks besides the types of attacks we are all suffering from . We did experience
a successful attack at the beginning of the year . You may remember the widespread panic around the Citrix Netscaler vulnerabilities around the year end . We had successfully and swiftly patched the vulnerabilities when they had been announced . Or at least we thought . Apparently , we had missed one instance which got compromised . Luckily , this was detected rather quickly , followed by an isolation and eventually removal of the affected host .
Further analysis showed no fallout . This again is evidence that technology alone will not save us . A proper compliance check after patching was omitted . The proper processes need to support the technology we are using .
52 INTELLIGENTCIO www . intelligentcio . com