Building An ISAC For The Railway Sector

As part of the National Cyber Strategy (NCS) of the NCSC, sectors are encouraged to organise themselves into Information Sharing and Analysis Centers (ISACs - also named in the NCS "CSC" - Cyber Security Centers) to strengthen cooperation between institutions and authorities in the fight against cyber threats and to increase a sector's resiliency. In this context, the Swiss Federal Railways (SBB / CFF) is establishing such an ISAC for the railway sector in close collaboration with the railways and the Federal Office of Transport (FOT). This talk will take the audience through the journey of the creation of the Rail ISAC from the initial idea to its full operationalization, which took place on May 1st, 2025. We will also share details about some operational services we specialize in, including: - How we monitor, detect, analyze, and elaborate recommendations about current and upcoming cyber threats. - How we analyse en masse malware and generate actionable threat intelligence out of it. - Details how the generated information is shared, with a focus on adapted outputs for the various stakeholders of the sector but also with the community of Critical infrastructures in Switzerland. Rail ISAC dedicates significant resources to covering and better understanding Operational Technology (OT) environments, which are critical in the railways sector. This strong focus yields additional intelligence and enables us to track specific threats and their threat actors, enhancing proactive security. We will show our first steps in understanding the threat landscape in the OT sector and what our current perception is.