When Software Goes Wrong

Featured story
These two podcast episodes looks at the effect on the rail industry of The Security of Network & Information Systems Regulations 2018. And what we need to be doing to demonstrate compliance.

Episode 9 is Part 1 of a feature in which Dr Emma Taylor talks about the 'NIS Regulations', what they mean for the industry and about what we in the industry need to do to comply with the regulations, to deliver a better, safer railway. She looks firstly at who should be concerned, and what we need to do to demonstrate compliance and avoid fines of up to £17m. What to do until we have a good body of precursors to digital incidents; and what aspects or operations should be considered as safety critical.

In episode 10 we talk about the human aspects, the culture change that will be needed to address digital safety threats.  The need for traditional design engineers to broaden their sphere of thinking, and to bring others into design conversations.  Emma also talks about the need to start thinking about reasonably foreseeable scenarios. For us all to start thinking about what could go wrong when you consider the digital components within your physical assets.

Listen to Part 1

Listen to Part 2

The topics that Emma talks about in part 1 of this episode include:

  • Who in the railway should be aware of the NIS Regulations, and why. And about why design engineers for the physical parts of the railway may not be engaged with the aspects of digital safety. [1:44]
  • What we should be doing until we have a body of knowledge about digital safety and a have built a good set of precursor indicators. [7:20]
  • Is the railway's current definition of 'safety-critical' broad enough? And what risks could be brought about by breaking into a 'non-safety-critical' system. [9:30]

The topics that Emma talks about in part 2 of this episode include:

  • The main barriers to developing an appropriate level of digital resilience. And the need to get to a place of common understanding between the designers of physical assets and the security specialists who understand the digital parts that make up the infrastructure and rolling stock. [0:36]
  • What her experience in the Oil and Gas and Aerospace sectors tell us about what we ought to focus on to better manage digital safety risk. [7:12]
  • What the industry should be doing to identify what could go wrong. And the importance of thinking about reasonably foreseeable scenarios. We can't have siloed thinking, we need system-wide collaboration and to include specialist digital safety engineers in the design process. [8:58]
  • The scenarios that could happen if you don't start to think about digital safety until after the incident has happened. How wide the issue is that caused the incident. What could happen and who might be held responsible. [13:39].

Related resources: 

Haven’t found what you’re looking for?
Get in touch with our Lead Content Manger for more information.
Ant Davey
Tel: 020 3142 5407
Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.