Choose Location

Register your interest


Register your interest


RISSB Rail Cyber Security Conference

Fundamental education on protecting critical infrastructure from cyber threats.

17-18 October 2017 | Rendezvous Hotel Melbourne

RISSB Membership rate available - SEE PRICING BELOW


“The web belongs to the bad guys…The attempt to recover it has only just begun. It won’t be easy.” – Sydney Morning Herald, July 4, 2017

RISSB and Informa are proud to announce the inaugural RISSB Rail Cyber Security Conference, to be held on the 17th – 18th October, 2017 at the Rendezvous Hotel in Melbourne.

From driverless trains to new signalling systems, the Australian rail industry is embracing automation and digital innovation. With new frontiers come new dangers however, and examples from all over the world show us how crucial cyber security has become for critical infrastructure systems. Infrastructure damage, threats to safety, disruptions, economic loss and data breaches are all possible outcomes from compromised operational technology, and it is these outcomes we wish to address.

Starting annually from 2017, the RISSB Rail Cyber Security Conference will be the industry event to address all your rail cyber security concerns. In 2017 we will lay a foundation to build upon: detailing what threats are present, strategies that can be put into place, why cyber security is so important and what you can do to help. This will be achieved by open discussion and foundational education, examination of Australian case-studies, analysis from experts in the field, and commentary from leading government agencies and representatives.

The Inaugural RISSB Rail Cyber Security Conference will give you the confidence to know that if your systems are compromised, you will know how to respond.


WORKSHOP 1: Responding to Cyber Threats – Facilitated by Michael Nancarrow

The new challenge is to show a visible return on security expenditure and ensure the level of risk determines where time, effort and money are focussed.

  • How does this work with control systems where the lifecycle cannot match the evolving threat environment?
  • How would you prioritise your expenditure and effort based on risk to the traditional controls?
  • Is there a commonality between enterprise approach and control systems approach?

Security Controls are traditionally classified into: Deterrent, Preventive, Detective, Corrective and Recovery. Or come from the NIST based: Identify, Protect, Detect, Respond and Recover

Working with participants this workshop will attempt to identify key decision points and how to determine if there are Key Risk Indicators which may assist. Determine if there are common “global Risks” that can be used to simplify and Identify where time and effort should be spent.

Facilitated by Michael Nancarrow, Systems Security Manager, Sydney Trains


WORKSHOP 2: Cyber Security and Rail Regulation – Facilitated by David James & Jordan Trasente

The Australian rail industry is increasingly taking up the advantages and opportunities presented by new technologies, especially in the digital space. Effective rail cyber security is an important consideration in a field which is undergoing rapid change and appropriate regulation is important. Office of the National Rail Safety Regulator recognises the need to ensure that appropriate risk controls are established by rail transport operators to deal with rail cyber security risks.

  • One size does not fit all – what should be considered by the Regulator?
  • Rail cyber security standards and guidance currently available in Australia and internationally?
  • Industry readiness to address rail cyber security risks?
  • What is the role of the rail safety regulator when it comes to rail cyber security?


WORKSHOP 3: Cyber Risk in Remote Vendor Access – Facilitated by Dr Kenneth Radke

There is a need to allow vendors to access critical infrastructure control system sites remotely, to assist with emergency maintenance of their products.  Recently, countries across the world have realised that by granting remote access to the vendors, they are putting their critical infrastructure in the hands of a foreign country.  While the vendors themselves may be trusted, there remain many other issues including opening connections from the control systems to the Internet, and cross contamination between sites and countries that the vendor provides support to.

This workshop will aim to develop a protocol which allows emergency remote vendor access, while providing heightened security to the rail operator.  Topics covered and explored in the workshop will include the need for the protocol, concepts for the design of the protocol, and known issues with implementing the finished protocol.


WORKSHOP 4: Communicating the Cyber Risk – Facilitated by Anthony Fewster

It is essential for improvements that the communication of cyber risk is both effective and valid. This can come from a variety of supporting information such as data, lesson learned and specific performance indicators to get the message across. When it comes to the boardroom it really must resonate with the members and what it means to their organisation. Therefore, reporting of the cyber risk message must be consistent. Reports can consist cyber exposure in terms of probable outcomes and may even be effective by reporting the exposure in categories.

In the mix is the communication of cyber risk concerns to the board level and how this can be done effectively

  • Inconsistent or consistent –  what do we think of the current reporting?
  • What reporting metrics would be used to ensure benefit is gained and the correct data is sourced?
  • What model would be used for reporting and how is this to be done?
  • How do we quantify cyber risk?
  • How do we communicate to the Board?

Conference Dinner

Held at the InterContinental Melbourne from 6:00pm on October 17th, this elegant banquet dinner represents a fantastic opportunity to network and discuss the day’s events with the speakers and your fellow delegates. Complimentary to all registered delegates.


Hon Dan Tehan MP

Minister Assisting the Prime Minister for Cyber Security

Jason Smith

Technical Director, CERT Australia

Sue McCarrey

Chief Executive, Office of the National Rail Safety Regulator (ONRSR)

Paul Daly

Chief Executive Officer, Rail Industry Safety and Standards Board (RISSB)

Robert Di Pietro

Partner - Cyber Security, PwC

Dr Kenneth Radke

Control Systems Team Lead, Technical Operations, CERT Australia

Duncan Unwin

CEO, Tobruk Security

Dr Ernest Foo

Senior Lecturer, Queensland University of Technology

Jordan Trasente

Technical Solutions Analyst, ONRSR

Anthony Fewster

General Manager Safety, Risk and Business Resiliance, Metro Trains Melbourne

Dr Garry Marling

Principal, Marling Group

Michael Nancarrow

Systems Security Manager, Sydney Trains

David James

National Accreditation Manager, Office of the National Rail Safety Regulator

Patrick Batch

Director, BCT Solutions

when & where

17 - 18 Oct 2017

Rendezvous Hotel Melbourne
328 Flinders St, Melbourne VIC 3000
(03) 9250 1888

Book Accommodation with Lido Group
For your convenience Lido Group will manage your accommodation needs. Click here or call 02 8585 0808.


Still have a question?

Nicholas Mayfield
Conference Producer
02 9080 4477

Samantha Lister
Sponsorship & Exhibition Manager
02 9080 4432

Get all the latest on Informa news and events

Informa Australia is the nation's leading event organiser. Our events comprise of large scale exhibitions, industry conferences and highly specialised corporate training.

Find out more