In this episode Dr Emma Taylor talks about the 'NIS Regulations', what they mean for the industry and about what the industry needs to do to comply with the regulations. She looks at who should be concerned, and what we need to do to demonstrate compliance and avoid fines of up to £17m. What to do until we have a good body of precursors to digital incidents; and what aspects of operations should be considered as safety critical.
01:44 Who should be aware of the NIS Regulations, and why.
07:20 What we should be doing until we have a body of knowledge about digital safety and a have built a good set of precursor indicators.
09:30 Is the railway's current definition of 'safety-critical' broad enough? And what risks can come from breaking into a 'non-safety-critical' system.
Related resources:
National Cyber Security Centre: https://www.ncsc.gov.uk/
Episode 6—the podcast: https://www.buzzsprout.com/925129/6106243
Data & Information System Interface Committee: https://www.rssb.co.uk/what-we-do/groups-and-committees/technical-strategy/sic-chairs/di-sic