Initial Requirements for a Rail CSIRT. Based on the preceding analysis, we identify some general requirements evident in ISAC discussions that help to scope the potential EU Rail CSIRT Model: • Collaboration in support for cyber security response. • Sharing of threat intelligence concerning new incidents, known threats, new threats, established mitigation strategies, new mitigation measures. • Team for handling collaborative response and supporting recovery. • Sharing “NIS notifications” horizontality among rail stakeholders. • Engagement of relevant digital service providers (DSPs) in collaborative response. • Ensure all “essential services” are addressed (as defined by ENISA ongoing study): o traffic operation o carried passenger and freight security o railway infrastructure and trains maintenance o “operations information” provision to customers o ticketing o billing and finance • Identify methods to enhance quick response. • Manual or automatic sharing mechanisms, considering standards. • Shared services where required (help your neighbour): o vulnerability scanning o security reviews o threat hunting, threat intelligence and vulnerability management The above features are later considered in concert with other potential ER-CSIRT features arising from the different stages of our analysis.
Appears in 1 contract
Sources: Deliverable D3.2
Initial Requirements for a Rail CSIRT. Based on the preceding analysis, we identify some general requirements evident in ISAC discussions that help to scope the potential EU Rail CSIRT Model: • Collaboration in support for cyber security response. • Sharing of threat intelligence concerning new incidents, known threats, new threats, established mitigation strategies, new mitigation measures. • Team for handling collaborative response and supporting recovery. • Sharing “NIS notifications” horizontality among rail stakeholders. • Engagement of relevant digital service providers (DSPs) in collaborative response. • Ensure all “essential services” are addressed (as defined by ENISA ongoing study): o traffic operation o carried passenger and freight security o railway infrastructure and trains maintenance o “operations information” provision to customers o ticketing o billing and finance • Identify methods to enhance quick response. • Manual or automatic sharing mechanisms, considering standards. • Shared services where required (help your neighbour): o vulnerability scanning o security reviews o threat hunting, threat intelligence and vulnerability management The above features are later considered in concert with other potential ER-CSIRT features arising from the different stages of our analysis.
Appears in 1 contract
Sources: Grant Agreement