From Appenzell to Ticino and Jura to Vaud, RAILplus covers the metre-gauge railways of the whole of Switzerland.
In an environment where cyber crises are increasingly common and can affect all economic actors, RAILplus has drawn on ELCA's experience to conduct crisis exercises among its members.
Since late summer 2022, the experts of the RAILplus cyber security competence centre have been visiting each of its members to conduct a cyber crisis exercise. The aim is to test processes that are rarely used by railway companies in half a day. The participants used all their energy during the exercises to use their skills to involve and coordinate the different teams and to train decision-making in times of crisis to limit the damage that the attack would have caused to their company.
The main lessons learnt from all RAILplus members who carried out this exercise are undoubtedly an assessment of their preparedness for a cyber crisis and how well interdepartmental communication works. A greater interest among participants in topics related to cyber security was achieved. The advice given by the experts after the exercises helps members to strengthen their ability to deal with such events and to be better prepared for a possible serious incident.
The usefulness and necessity of this exercise was given by the participants in the form of feedback to the ELCA experts. Here are two examples:
A very instructive exercise for the entire crisis team. After the Covid crisis and the energy crisis, it was natural for TRAVYS to test our ability to deal with a cyber attack.
Daniel Reymond
Director of TRAVYS
This exercise allowed us to test our processes and communication in the face of a realistic cyber crisis scenario. All participants learned a lot from this exercise, which led to an instructive exchange between the departments.
Ralf Rechsteiner
IT Manager at Appenzell Railways