The principal rail operator in the The Netherlands, Nederlandse Spoorwegen (NS) has been running under its current guise for 80 years and operates more than 4,000 services in the country on a daily basis. Striving to run those services as sustainably as possible, the rail company this year renewd it contract with the supplier of 100% green electricity – powering NS’s offices and rail infrastructure sustainably for at least the next two years.
However, it’s security that is the focus of this week’s SmartRail World 5 Minutes With…, which returns after a hiatus to interview Lies Alderlieste-de Wit, the chief security officer from NS. Lies spoke candidly to Dave Songer about the need for change in transport security, the huge push the operator will make to win the concession in 2025 and, of course, her favourite train journey.
Lies Alderlieste-de Wit (LA): To date, my career in cyber was mostly in finance. I wanted a real change in environment so I looked for an opportunity very different to what I had done up until that point. In finance, insurance and banking, products tend to be of monetary consequence – very fluid. I love the fact that our product is so tangible. The relevance of Nederlandse Spoorwegen (NS) – being at the heart of the country’s public transport and an aspect in everyday life of so many Dutch people – makes it a pleasure to work at.
(DS): What does your job as position of CISO entail?
(LA): I help NS be aware of cyber risk and advise how to resolve risk and provide assurance over policies, ensuring that they’re understood and implemented across the organisation. My team also assist projects with our cyber technical expertise to ensure the right controls are put in place.
(DS): What is the biggest professional challenge you’ve faced?
(LA): In my job it comes in waves. For instance, in 1999 when my profession (information security) didn’t yet exist, a big wave of misunderstood risks around the Y2K bug caused a lot of hysteria. These days we’re facing another of those waves again as an industry: the fast digitisation of the operational technology domain, which introduces unintended risk. A complicating factor is the speed in which threats are exploited and cause major impact. The awareness of the topic in transport is still lagging behind other industries, while the hackers are speeding ahead of us.
On top of that, the pace of change is occurring at a faster rate than awareness of the issue and we need to look at how to close that gap faster. Another huge challenge is how to recruit and retain cyber professionals, as the huge shortage of skilled staff is starting to become apparent.
(DS): You have more than 16 years’ experience of working in security; how have things changed in this area since then?
(LA): Less than you would hope. The top 10 software programming mistakes that made our website vulnerable to hacks are pretty much the same as 10 years ago. Therefore we have to look at ourselves differently. We need to step up as a profession to become more of a business operator, fighting for the attention of a board who are in charge of a broad risk dashboard. Cyber risk is just another risk.
We’re still using FUD (fear, uncertainty and doubt) too much when we communicate cyber risk. For example, my colleagues use fear in the hope that this will motivate a response despite the fact that behavioural change experts know it doesn’t. We need to grow up in terms of risk competence and to express ourselves in terms of risks – that doesn’t mean a doomsday scenario, but it’s important to quantify the risk.
(DS): What are NS’s key business priorities for 2018? Are you able to give specific details on a project or target?
(LA): Keeping all our key performance indicators at the level we achieved in 2017, which is a requirement if we are to win the concession in 2025. NS operations have executed an enormous programme, which led to it achieving very important targets but it’ll be the test now if we can keep performance up in 2018.
(DS): NS has been heavily involved in the development of apps using company data such as NS Speak, which verbalises live train info for the visually impaired. Do you see NS continuing with similar technology in the future?
(LA): I think we were reasonably early in providing an application programming interface (api) for developing apps with NS data. We designed a management process and had to implement technical controls to ensure we could provide this service with assurance of the appropriate use in both legal and technical terms. It has been successful, so it opens up the possibility for further collaboration.
(DS): What will be some of the biggest differences between the passenger journey today and in 10 years’ time?
(LA): We are looking at the various options which will determine future public transport; in 10 years’ time we might have the first driverless train lines. High frequency train corridors will have materialised fully in a decade, making travel timetables further obsolete in certain areas. We will have apps proactively providing passengers with tailored mobility advice.
(DS): What’s your favourite rail journey?
(LA): I love the track to Groningen in the north of The Netherlands because it has many beautiful landscape views. They allow me to ponder, giving me lots of inspiration.
(DS): Brilliant! Thanks Lies for giving us such privileged access into NS’s operations – all the best for the future.
Lies will be speaking at this year's SmartRail on April 17th-19th in Amsterdam, where she will be joined by more than 80 fellow speakers from the wider rail industry. For more information on the show and how to attend, visit the website.
Last week's 5 minutes with… Bob Golden, CEO of The GBS Group.
Would you like to get involved in 5 minutes with…? This fun, informative feature gives our readership the chance to get to know more about the personalities behind the industry, what it is that inspires them, where they see the industry heading and of course their own favourite rail journey! Get in touch with Dave Songer: firstname.lastname@example.org to find out more.