Common use of Respondents Advice and Comments to the Study Clause in Contracts

Respondents Advice and Comments to the Study. Despite an extensive survey, participants provide some additional advice in the final open comment section as follows:
• A key challenge is to prove, show and create a community with active members.
• We need a demonstration to convince people through experience, e.g. by presenting to ISAC. If there are public reports, make sure all ISAC people are sent copies.
• The model should include cooperation with relevant European CSIRTs and ISACs.
• There are many rail initiatives in Europe, and they compete for attention, so it is necessary to link concerns together to solve the problem of collaboration.
• Optimal use should be made of existing models and platforms already in use or under development to support international exchange and cooperation between CSIRTs.
• Even if large rail companies lead the CSIRT, all rail companies can be supported for European strengthening.
• To make all European railways safe needs all railway companies and their system providers to be open and share problems.
• Focus on both IT and OT systems for railways so as to have an end-to-end view.
• ▇▇-▇▇▇▇ should contribute for EU-Rail-CSIRT building.

Profile of Respondents
• Both IM and RU seek collaboration around Prevention and Response.
• Key stakeholders within rail security teams fulfil a range of roles.
• Point of contact for collaboration will vary between different railway security teams.

Supporting Co-design on Model and Collaborative Platform
• The majority of IM/RU wish to support 4SECURail co-design and workshop activities.

Sharing Cyber Threat Information
• The majority of key stakeholders wish to share threat intelligence.
• Choice of anonymity is context-dependent and linked to “trust”.
• Coordination of different security teams’ response is seen as highly attractive / beneficial.
• Sharing is mainly around likely threats and actual incidents.
• Required shared facilities include database (IoC, etc.) and Communications (alerts/warnings).

Company Cyber Security Actions
• The majority have clear security teams / responsibilities - not all follow CSIRT model.
• Roles and tasks are highly variable.
• ENISA guidance on CSIRTs is being used by many and stated as being of high value.

Appears in 1 contract

Sources: Grant Agreement

Respondents Advice and Comments to the Study. Despite an extensive survey, participants provide some additional advice in the final open comment section as follows:
• A key challenge is to prove, show and create a community with active members.
• We need a demonstration to convince people through experience, e.g. by presenting to ISAC▇▇- ▇▇▇▇. If there are public reports, make sure all ISAC ▇▇-▇▇▇▇ people are sent copies.
• The model should include cooperation with relevant European CSIRTs and ISACs.
• There are many rail initiatives in Europe, and they compete for attention, so it is necessary to link concerns together to solve the problem of collaboration.
• Optimal use should be made of existing models and platforms already in use or under development to support international exchange and cooperation between CSIRTs.
• Even if large rail companies lead the CSIRT, all rail companies can be supported for European strengthening.
• To make all European railways safe needs all railway companies and their system providers to be open and share problems.
• Focus on both IT and OT systems for railways so as to have an end-to-end view.
• ▇▇-▇▇▇▇ should contribute for EU-Rail-CSIRT building.

Profile of Respondents
• Both IM and RU seek collaboration around Prevention and Response.
• Key stakeholders within rail security teams fulfil a range of roles.
• Point of contact for collaboration will vary between different railway security teams.

Supporting Co-design on Model and Collaborative Platform
• The majority of IM/RU wish to support 4SECURail co-design and workshop activities.

Sharing Cyber Threat Information
• The majority of key stakeholders wish to share threat intelligence.
• Choice of anonymity is context-dependent and linked to “trust”.
• Coordination of different security teams’ response is seen as highly attractive / beneficial.
• Sharing is mainly around likely threats and actual incidents.
• Required shared facilities include database (IoC, etc.) and Communications (alerts/warnings).

Company Cyber Security Actions
• The majority have clear security teams / responsibilities - not all follow CSIRT model.
• Roles and tasks are highly variable.
• ENISA guidance on CSIRTs is being used by many and stated as being of high value.

Appears in 1 contract

Sources: Deliverable D3.2