Digitizing and Securing Norway's Railway NetworkCISO Tom Remberg of Bane NOR on Managing Threats to Critical Infrastructure
Norway's railway network, Bane NOR, is undergoing a nationwide digitization process. Its CISO, Tom Remberg, describes what the task of replacing legacy technology with digital train control and traffic management systems entails and how his role as CISO is critical to making that transformation happen.
For mission-critical systems undergoing a digitization program as extensive as this, Remberg stresses the need for "different layers of protection" and "high-availability elements," so if one of the elements, such as a server, fails, the service is still available. He says that in order to avoid adverse business impacts in case of an outage, everything must be duplicated and it must be possible to "take one part of the infrastructure down, maintain and upgrade it, while the other one is running."
In a video interview with Information Security Media Group, Remberg discusses:
- Threats to critical infrastructure and how to protect against them;
- Maintaining patch management policy while ensuring business continuity;
- Moving from an antiquated legacy system to a framework that is "secure by design."
Remberg is chief information security officer for Bane NOR, a state-owned company responsible for the Norwegian national railway infrastructure. He was previously group CISO at Intertek, vice president and head of security governance at Telenor Group and a director with PwC, specializing in strategic information security Management. He has managed several complex projects to implement and improve companies' information security management systems.