Stuart Codack, Information Security Manager and Steve Roberts, Head of IT at West Midlands Trains (WMT), gave an inside look into working with SureCloud’s cyber security team.

As an operator of essential services and part of the critical national infrastructure, West Midlands Trains (WMT) are constantly reviewing the service that they provide and the supporting processes to ensure that they are giving customers the very best service. WMT will routinely carry over 200,000 passengers over any of the 1300 services per day, operating from London to Liverpool and predominately in the West Midlands area.

Aligning to business objectives

While providing the best service possible, the business is responsible for making upgrades

While providing the best service possible, the business is responsible for making upgrades, as part of their commitment to the Department for Transport and agreed set of objectives defined within the organization’s committed obligations.

These could range from large projects to developing stations, such as Wolverhampton, upgrading and enhancing the trains’ capacity, or providing more technical solutions to allow customers to purchase tickets and view train services online.

Key cyber security challenges

Understanding the emerging and constantly evolving threats to the rail is critical to ensure that WMT provide an efficient and responsive technical solution for the services operated. They operate within a number of frameworks, most significantly the Network Information Systems (Directive) provided to Operators of Essential Services (OES), and also feed in elements of both ISO27001 and NIST.

The Department for Transport, in conjunction with the National Cyber Security Center, enctheages a mature cyber security posture, and closely monitor and assess assurance levels. This approach challenges WMT constantly and places high demands on the enterprise to deliver and maintain a strong cyber security posture.

Understanding where any actual or potential weaknesses are helps in directly applying restheces to protect systems and maintain confidentiality, integrity and availability. Often overlooked, recognizing where WMT have achieved success has also helped to justify continued and future spending to senior management, by assuring them that a proactive cyber security strategy is worth the investment.

SureCloud cloud-based platform

Chosen for their professionalism during the tender stage, SureCloud comfortably convinced the decision makers of their technical capability, flexibility and willing attitude to join the business on their jtheney, as opposed to other vendors providing the essentials with hidden costs introduced as additional extras.

The SureCloud platform provided WMT with clear visibility of testing outcomes

Another key benefit that helped SureCloud stand out from the rest was the technology-enabled services approach, which utilizes SureCloud’s platform to underpin the service delivery. The cloud-based platform has provided a forum for WMT, in which work streams can be identified and allocated to third-party vendors. The business allows remediation work to be assigned and worked on concurrently.

The SureCloud platform provided WMT with clear visibility of testing outcomes and helped to establish the evidence and patterns of work that supports the various questions across the frameworks that call for continual service improvement, while demonstrating a proactive response to aspects of ISMS has been invaluable.

Benefits of the Cyber security-as-a-Service package

Support was measured against the requirements of the organization and was provided on-demand and willingly offered up throughout all stages of the agreement, with no signs of wavering support on completion of any of the work packages.

The penetration testing has provided a great deal of insight and visibility into areas that needed improvement while assuring other areas where the business had demonstrated some good practices. The results were well presented via the platform with the context that allowed the team to define the risk, and if any action would be needed to mitigate or reduce those risks. The level of expertise was fantastic, with identified areas supported by impacts and potential solutions.

Effective cyber security program

Overall, West Midlands Trains are very satisfied with their investment in the SureCloud tech-enabled services, and have already recommended SureCloud to a number of partners based on the work conducted. West Midlands Trains are passionate about managing an effective cyber security program and the business will continue to work with SureCloud in the future.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

How Can Remote or Internet-Based Training Benefit Security?
How Can Remote or Internet-Based Training Benefit Security?

Internet-based training has long provided a less-expensive alternative to in-person classroom time. There are even universities that provide most or all of their instruction online. However, the COVID-19 pandemic has expanded acceptance even more and increased usage of internet-based meeting and learning tools. We asked this week’s Expert Panel Roundtable: How can remote or Internet-based training benefit the physical security market?

How is AI Changing the Security Market?
How is AI Changing the Security Market?

Artificial intelligence is more than just the latest buzzword in the security marketplace. In some cases, smarter computer technologies like AI and machine learning (ML) are helping to transform how security operates. AI is also expanding the industry’s use cases, sometimes even beyond the historic province of the security realm. It turns out that AI is also a timely tool in the middle of a global pandemic. We asked this week’s Expert Panel Roundtable: How is artificial intelligence (AI) changing the security market?

Moving to Sophisticated Electric Locking
Moving to Sophisticated Electric Locking

In part one of this feature, we introduced the shotbolt – a solenoid actuator – as the workhorse at the heart of most straightforward electric locking systems. Shotbolts remain at the core of most sophisticated electric locking solutions as well. But they are supplemented by materials and technologies that provide characteristics suited to specialist security applications. Here we look at some more demanding electric locking applications and contemporary solutions. Preventing forced entry Where the end of the shotbolt is accessible, the electric holding force can be overcome by physical force. That’s why anti-jacking technology is now a frequent feature of contemporary electric solenoid lock actuators. Anti-jacking, dead-locking or ‘bloc’ technology (the latter patented by MSL) is inherent to the way the locking assembly is designed to suit the requirements of the end application. The patented bloc anti-jacking system is highly effective and incorporated into many MSL shotbolts deployed in electric locking applications. The bloc technology uses a ring of steel balls in a shaped internal housing to physically jam the actuated bolt in place. A range of marine locks is widely used on Superyachts for rapid lockdown security from the helm Real life applications for MSL anti-jacking and bloc-equipped shotbolts include installation in the back of supermarket trucks to secure the roller shutter. Once locked from the cab, or remotely using radio technology, these shutters cannot be forced open by anyone with ‘undesirable intentions’ armed with a jemmy. A range of marine locks is widely used on Superyachts for rapid lockdown security from the helm. While anti-jacking features are an option on these shotbolts, consideration was given to the construction materials to provide durability in saltwater environments. Marine locks use corrosion-proof stainless steel, which is also highly polished to be aesthetically pleasing to suit the prestigious nature of the vessel while hiding the innovative technology that prevents the lock being forced open by intruders who may board the craft. Rotary and proportional solenoids sound unlikely but are now common A less obvious example of integrated technology to prevent forced override is a floor lock. This lock assembly is mounted beneath the floor with round-top stainless-steel bolts that project upwards when actuated. They are designed to lock all-glass doors and are arguably the only discreet and attractive way to lock glass doors securely. In a prestigious installation at a historic entranceway in Edinburgh University, the floor locks are remotely controlled from an emergency button behind the reception desk. They act on twin sets of glass doors to quickly allow the doors to close and then lock them closed with another set of subfloor locks. No amount of stamping on or hitting the 15mm protruding bolt pin will cause it to yield, thus preventing intruders from entering. Or leaving! Explosion proofing In many environments, electric locking technology must be ATEX certified to mitigate any risk of explosion. For example, remote electric locking is used widely on oil and gas rigs for stringent access control, general security and for emergency shutter release in the event of fire. It’s also used across many industrial sectors where explosion risks exist, including flour milling, In many environments, electric locking technology must be ATEX certified to mitigate any risk of explosionpowder producers, paint manufacture, etc. This adds a new dimension to the actuator design, demanding not only intrinsically safe electrical circuits and solenoid coils, but the careful selection of metals and materials to eliminate the chance of sparks arising from moving parts. Resilience under pressure The technology boundaries of solenoids are always being pushed. Rotary and proportional solenoids sound unlikely but are now common. More recently, while not directly related to security in the traditional sense, proportional solenoid valves for accurately controlling the flow of hydrogen and gases now exist. Magnet Schultz has an extensive and somewhat innovative new range of hydrogen valves proving popular in the energy and automotive sectors (Fig. 2-6). There’s a different kind of security risk at play here when dealing with hydrogen under pressures of up to 1050 bar. Bio security Less an issue for the complexity of locking technology but more an imperative for the effectiveness of an electric lock is the frequent use of shotbolts in the bio research sector. Remote electric locking is commonplace in many bioreactor applications. Cultures being grown inside bioreactors can be undesirable agents, making 100% dependable locking of bioreactor lids essential to prevent untimely access or the unwanted escape of organisms. Again, that has proven to be topical in the current climate of recurring coronavirus outbreaks around the world. More than meets the eye In part one, I started by headlining that there’s more to electric lock actuation in all manner of security applications than meets the eye and pointed out that while electric locking is among the most ubiquitous examples of everyday security, the complexity often involved and the advanced technologies deployed typically go unnoticed.Integrating the simplest linear actuator into a complex system is rarely simple For end users, that’s a very good thing. But for electro-mechanical engineers designing a system, it can present a challenge. Our goal at Magnet Schultz is to provide a clearer insight into today’s electric locking industry sector and the wide range of locking solutions available – from the straightforward to the specialized and sophisticated. Integrating the simplest linear actuator into a complex system is rarely simple. There’s no substitute for expertise and experience, and that’s what MSL offers as an outsource service to designers. One benefit afforded to those of us in the actuator industry with a very narrow but intense focus is not just understanding the advantages and limitations of solenoid technology, but the visibility of, and participation in, emerging developments in the science of electric locking. Knowing what’s achievable is invaluable in every project development phase.