

22 February 2024


NRT’s Enterprise CA/PKI is a powerful cyber-security system that introduces greater digital trust through authentication, encryption and certification, protecting Network Rail’s wider infrastructure, including Information Technology (IT), software, the Internet of Things (IoT), security cameras and station information boards, as well as securing Operational Technology (OT) assets.

The contract to design, build, test and deliver Enterprise CA/PKI also includes a discovery phase, now completed, which has identified new systems and capability that could grow over time. Enterprise CA/PKI will also need to accommodate the additional services and organisations that will be introduced when Great British Railway is formed. This new, state-owned public body, which will oversee all UK rail transport operations, is currently planned to commence transitioning from 2024. The contract includes a three-year support period with the option of two 12-month extensions, giving the potential to develop the service further.

Also within the contract is the responsibility to periodically generate and protect Network Rail’s CA/PKI root keys. The root key certificate (a string of alpha-numeric characters) is important because this "master key certificate" verifies all the certificates below it. The security of the root certificate determines the security of the entire Network Rail Enterprise CA/PKI system. Thales is entrusted to securely store Network Rail’s root CAs within its List X facility, which is a commercial site used to securely hold UK government information.

The introduction of CA/PKI will bring greater levels of digital trust as the railway system transitions from trackside signalling to on-board digital systems. It will also give Network Rail greater control over managing its own IT, IoT and OT assets, allowing it to determine the lifecycles of devices, such as laptops and mobile phones, through its own certification process, rather than relying on external agencies.