Agenda
21st October
Rail Cyber Resilience Summit (RCRS)
Securing the Digital Railway: Moving from Reactive Defence to Predictive Resilience, Engineering Cyber Resilience
Across Europe’s Rail Ecosystem
8:25 am
Strategic Morning Panel Discussion: Making the Leap Forward from Framework to Frontline: How to Operationalise NIS2, Least Privilege and Risk Policy at Enterprise Scale
This session delivers a practical playbook for translating security frameworks into operational reality, showing how rail organisations can move faster from vision and policy into deployed, measurable controls without stalling delivery or inflating cost.
Vish Kalsapura, Principal Engineer, Network Rail
Tonu Tammer, Chief Information Officer, AS Eesti Raudtee
Přemysl Šrámek, Cyber security auditor, Správa železnic
9:10 am
Lightning Talk: OT Security in Practice: Implementing NIS 2 and CRA throughout the OT lifecycle
Presenting examples, this talk will demonstrate how risk analyses, security requirements engineering, system architecture design, hardening, test automation, monitoring and vulnerability management are interlinked. The presentation will show how a structured approach based on IEC 62443 covers both regulations and where NIS 2 and the CRA go beyond existing standards.

Martin Koop, Head of Railway Security, INCYDE GmbH
10:00 am
Panel Discussion: Engineering CRA-Compliant Rail Products, Defining Ownership, Requirements and Lifecycle Responsibility Across the Supply Chain
A practical, commercial and technical playbook for translating Cyber Resilience Act (CRA) requirements into deployable, sellable and future-proof rail products. Learn how operators, manufacturers and integrators can define ownership, close compliance gaps, and embed requirements into procurement and lifecycle delivery to ensure product compliance beyond 2027.
Eddy Thesee, Vice President Digital & Cybersecurity, Alstom
Amelia Alder, Legal Counsel Cybersecurity, Knorr-Bremse
Martin Koop, Head of Railway Security, INCYDE GmbH
10:40 am
Implementing IEC 63452: The New Railway Cybersecurity Standard, Why it Exist, How it Aligns With the Wider Regulatory Landscape and What It Means for Operators
Vish Kalsapura, Principal Engineer, Network Rail
11:40 am
Securing the Future of ERTMS: Designing Resilient, Interoperable and Cyber-Safe Systems, Engineering Security into Europe’s Future Signalling System
This session delivers a strategic resilience and security framework for implementing ERTMS at scale, balancing safety, cyber risk, supply-chain dependency, and long-term lifecycle integrity.
1:00 pm
Visibility, Detection & Threat Anticipation: Moving from Reactive Defence to Predictive Protection
Ignite Session: Achieving Full OT Asset Visibility: Automating Discovery, scanning and Strengthening Identity Controls to Safeguard Critical Rail Operations
This session delivers a practical overview of DB InfraGO as Europe’s largest rail infrastructure manager and a KRITIS operator (critical infrastructure).
Ulrich Zackor, Head of OT Security, DB InfraGO AG
1:30 pm
Ignite Session: From Threat Awareness to Threat Anticipation: Transitioning to Predictive Cyber Intelligence for Rail
As digital complexity expands the rail attack surface, this session delivers a practical intelligence and analytics framework to help operators detect emerging threats earlier, justify security investment through safety impact, and prevent escalation before disruption occurs.
1:50 pm
Lightning Talk: Solving the Complexity of Identity and Access Management at Scale – Achieving a Single Source of Truth Across People, Machines and IoT in Rail?
This session delivers a practical identity governance framework for managing workforce, machine, and IoT access at rail scale, enabling full visibility, faster containment, and reduced cyber risk
2:10 pm
PEOPLE, CULTURE & SKILLS: HUMAN RISK, AWARENESS GAPS AND MFA RESISTANCE
Spotlight Session: Transforming the Rail Safety Culture: Moving from Compliance to Behavioural Change, Embedding Security as a Core Operational Value
This session delivers a practical cultural and leadership framework for shifting rail from reactive cyber defence to proactive, safety-led security thinking, embedding cyber awareness into everyday operational decisions.
Ola Jankowska, Solution Architect, ProRail
3:10 pm
BUSINESS CONTINUITY & CRISIS RESPONSE: ENGINEERING CYBER RESILIENCE AT SCALE
Lightning Talk: Designing Disaster Recovery and Continuity Models for Cyber Survival, Preparing for a Ransomware-Ready Future
This session delivers a practical resilience and recovery framework to help rail organisations withstand, contain, and rapidly recover from large-scale cyber disruption, safeguarding safety-critical operations.
3:40 pm
SUPPLY CHAIN RISK & ECOSYSTEM SECURITY: MANAGING RISK BEYOND THE RAILWAY BOUNDARY
Panel Discussion: Securing the Software Supply Chain: Preventing Code Tampering, Reducing Attack Surface, and Protecting Rail Operations: Minimising risk in building new software.
This session delivers a practical framework for securing the full software lifecycle, from code commit to live deployment, tackling the industry’s fastest-growing cyber risk: supply chain compromise.
Ola Jankowska, Solution Architect, ProRail
Eddy Thesee, Vice President Cybersecurity, Alstom
Alex Cowan, CEO & Founder, RazorSecure



