Cyber threat

Cyber threat

Group risk

The risk of a cyber attack due to mounting threat and because NS fails to meet the compliance or security requirements for IT or OT (= IT on and around the train).

Development 2023

NS has taken further control measures, but in the meantime the threat level has risen due to further (chain) digitalisation and cyber threats are increasing, partly due to the hybrid war from Russia, which also targets vital infrastructures.

Control measures

• Implementation of the NS Cyber Security Management System (CSMS) and ISO27001 certification on NS Business Card processes.

• Increased focus on a cyber-safe culture, including through anti-phishing campaigns, NS-wide knowledge sessions and our own Cybersecurity Academy.

• Cyber ​​roadmap with measures to intrinsically reduce the cyber-vulnerability of NS, based on a secure-by-design set-up and architecture.

• Further development of human and technological capacity for early detection and follow-up of cyber incidents.

• Provide management focus by means of a newly developed cybersecurity strategy 2027

• Practise incident handling, including through participation in national ISIDOOR exercise.

• Strengthen integrated IT architecture and processes.