This introductory session explain about the need of the program, how it is been design and how it is expected to drive as a certification program in coordination with IIT Madras Technical Information: Introduction about IIT Madras, FISST and about students
Provide an overview of Cyber Security, its domains, its necessity in the modern digital era and mindset to drive this program until the end Technical Information:
Introduction to Cyber Security,
Introduction to Information Security
Overview of Cyber Security
Domain Information of Cyber Security
Types of Security
Branches of Cyber Security

Setting the Scene
Threat Landscape in the Railway Domain
Safety and Security
Terminology
Railway Cyber Security challenges
Risk Factors

Trackside Signalling
Block Systems
Interlocking
Centralized Control
Onboard Equipment
Fixed Block
Moving Block
Communications-Based Train Control (CBTC)

Introduction to operational technology Cybersecurity
Distributed Control System (DCS)
Supervisory Control And Data Acquisition (SCADA)
Industrial Control Systems (ICS)
IT / OT Gap and Convergence
Operational Technology Logical design and components
Operational Technology Network Protocols
Modbus Analysis

Voice Communication
Data Communication
Satellite Communication

Network Security basics for organization
Penetration testing methodology
Ports and services of modern networks
Types of hacks using networking
Network devices
Linux commands and techniques
Tools
Log analyzer
Wireshark
Nessus
Aircrack
Snort
John the Ripper
tcpdump

Details: This session is been split into two as theory and practical. The theoretical part of this session shall explain about the concepts of cryptography used in passwords and other methodological ways.
The practical session helps to understand basic tools of cryptography on how to design tough password and safeguard your digital assets
Technical Information:
Cryptography basic concepts,
Types of cryptography,
Message authentication,
Encryptions algorithms,
Hashing algorithms,
Steganography,
Digital certificates
Tools
hash calc,
Quickstego,
Disk crypto,
AES Crypt,
Our secret

Details: This section dives into the intricate world of train operations, the beating heart of any railway system. From planning schedules to ensuring safe and efficient movement, train operations encompass a vast array of activities.
Let’s hop aboard and explore the key aspects:
Scheduling and Timetabling.
Routing and Dispatching.
Signalling and Control.
Maintenance and Inspection.
Incident Management.
Passenger Service.

Imagine the railway system as a giant, intricate machine. Just like any machine, it needs constant care and attention to function smoothly and safely. This is where maintenance and asset management come in, playing a vital role in the reliable operation of railways.
Let’s dive into the toolbox:
Predictive Maintenance.
Preventative Maintenance.
Corrective Maintenance.
Inventory and Resource Management.
Risk Management.

Imagine a vast network of tracks, stations, bridges, tunnels, and control centers. This intricate web of infrastructure and facilities forms the backbone of the railway system, enabling safe and efficient transportation. But just like any network, it’s susceptible to cyber threats.
Let’s explore the key components:
Tracks.
Stations.
Signalling Systems.
Control Centres.
Power Supply.

This session provide an understanding and need for strong Physical security and how assets containing digital data to be stored a safe environment. Some of the interesting way of physical hacking that help hackers to steal invaluable data shall be handled during the bootcamp session
Technical Information:
Physical security introduction
Perimeter security
Cyber physical security
Command and control system
Overview of IoT devices and security concerns Tools:
Rubber Ducky
WiFi Pineapple
Aircheck
LAN Turtle
HackRF One
Lockpicks
Keylogger

Imagine a world where buying a train ticket is as simple as a tap on your phone, and payments are seamless and secure. This is the reality brought about by advanced ticketing and payment systems in the railway industry. But along with convenience come new cybersecurity challenges. Let’s dive into this exciting realm!
Key Components:
Online Ticketing Platforms:
Mobile Ticketing Apps:
Automated Fare Collection (AFC) Systems:
Revenue Management Systems:

This session explain about the way how Cyber Law is designed for the hacking era with practices and solutions to follow while using internet and internet related technologies

Technical Information:
Cyber law concepts,
IT law sections,
Do’s and Don’ts in cyber environment,
Cyber etiquette,
How to perform lawful activity

This session is been split into two as theory and practical. The theoretical part of this session shall explain about the concepts of digital forensics and how an investigation is performed after a breach. The practical session drives you to the world of forensics with state-of-the-art forensics tool handling extended to the bootcamp session
Technical Information:
Digital Forensics concepts,
Digital forensic methods,
Digital forensic tools,
Sample data for analysis,
Digital forensic process and identification Tools:
Autopsy,
FTK imager,
CAINE,
Bulk Extractor,
DEFT,
Xplico,
Plainsight,
X-Way Forensics,
EnCase

This session talks about Cyber risk and how to mitigate it using Cyber Insurance and best practices in keeping your data and process in the digital environment
Technical Information:
Cyber Risk assessment
Risk management
Risk matrix and methodology
Cyber insurance framework
How to achieve Cyber Insurance for an organisation

Welcome aboard the information express! In today’s world, passengers expect real-time updates, entertainment options, and seamless connectivity during their train journeys. This is where passenger information systems (PIS) and onboard Wi-Fi come in, enhancing the travel experience while introducing new cybersecurity challenges.
Passenger Information Systems:
Imagine clear displays at stations and on trains providing:
Arrival and departure times: Stay updated on your journey and avoid stress.
Platform changes and connections: Navigate complex stations with ease.
Disruption alerts and alternative travel options:
Live news and entertainment.

In today’s hyperconnected world, Wi-Fi is the lifeline of our devices. But just like any open door, unprotected Wi-Fi invites unwanted guests – cybercriminals seeking to steal data, launch attacks, or infect devices.
Learning outcomes:
Understanding of common Wi-Fi security threats
Password best practices for routers and devices
Choosing the right encryption protocol
Creating and managing secure guest networks
Configuring router firewall settings

This session explains about the vulnerabilities that exist in today’s mobile operating systems and how to understand, identify and eliminiate those vulnerabilities with available tools and techniques extended to boot camp sessions
Technical Information:
Mobile Security basics
Operating System level vulnerability
Mobile Vulnerability Assessment basics Tools:
Zed attack proxy
Kiuwan
Android debugger

This session talks about the risks and issues of migrating to cloud, managing cloud environment and various vulnerabilities present in cloud environments
Technical Information:
Cloud Security basics
Cloud Control Matrix
OWASP top 10 Cloud vulnerability
Auditing Cloud environment

In the digital age, train travel is no longer just about getting from point A to B. It’s also about a delicate dance between passenger convenience, information sharing, and data privacy. This is where data privacy and passenger information in rail cybersecurity come into play. The session shall cover
Data breaches
Misuse of data
Lack of transparency

This session explain about the Cyber Security governance and compliance requirements required to be followed by organisations, governments along with details of modern standards and policies
Session Coverage
Cyber Security Governance
Cyber Security Compliance
Best practice standards
Compliance for corporate

This session deals with the importance of risk management and how to identify an organisation’s risk and ascertain the mitigation methodology from a third eye angle and support with mitigation steps
Technical Coverage:
Risk management basics
Risk management concepts
Risk matrix methodology
Risk identification and risk treatment

Imagine a bustling train station. Trains glide in and out, carrying passengers across vast distances. But behind the scenes, a complex operation is ensuring these journeys are efficient and sustainable energy management is ensured.
Technical Coverage from Cybersecurity Perspective
Electricity: Overhead lines or onboard batteries for electric trains.
Diesel fuel: Traditional locomotives rely on internal combustion engines.
Reducing operating costs: Lower energy consumption means savings for railway operators.
Environmental sustainability: Minimizing emissions contributes to a greener future.
Improved performance: Efficient energy management can enhance train speed and reliability.

The explosive growth of connected IoT devices enables the world’s digitization, but also dramatically increases the amount of security threats. You’ll use the latest technologies to perform vulnerability and risk assessments, then research and recommend risk mitigation strategies for common security threats in IoT systems.

Conduct end-to-end security assessments of IoT systems to demonstrate vulnerabilities.
Gain hands-on experience with IoT prototypes using a Raspberry Pi.
Recommend threat mitigation measures to minimize the risk in IoT solutions and networks.
Become proficient using real-world penetration and vulnerability testing tools such as Kali Linux.

This session talks about the steps and procedures of an incident management process and what to follow post an incident/breach in a detailed manner to prepare for worst time
Technical Coverage:
Incident management as process
Incident management concept and steps
Performing incident analysis

Imagine a bustling train station. Behind the scenes, a complex web of interactions unfolds. Ticket bookings go through external payment gateways, passenger information systems rely on real-time traffic data, and maintenance schedules link with repair service providers. These connections are known as third-party interfaces, and they bring both convenience and cybersecurity challenges.
Connecting the Dots: Understanding third-party interfaces which impact security:

This session explains about the mindset of a hacker and how the hacker think, plan, strategize, work with modern concepts, techniques and tools to hack into a network towards stealing information from individuals, organisations and government.
Technical Coverage:
Hacking concepts
Hacking types
Hacking methodology
Hacking techniques and tools Tools:
Metasploit
Acunetix
App Scan
Cain & Abel
Password cracker
Ettercap
HPWebinspect
L0phcrack

This session unveils about how dark web and deep web is helping hackers in gathering data about an individual, an organisation and governments to penetrate into an environment with smart commands and techniques
Technical Coverage:
Deep web and Dark web overview and basics
ToR browser and its utility
The black market and its data
Ransomware

Tools:
ToR browser
Online tools
Commands and installations

This session aims to equip participants with a basic understanding of freight and cargo management within the context of rail cybersecurity. It will cover essential aspects related to the security of transported goods and the systems managing them.
Module contents:
Introduction to Freight and Cargo Management:
Cybersecurity threats in Freight and Cargo Management:
Cybersecurity best practices for Freight and Cargo Management:
Emerging technologies in Rail Freight and Cargo Security:
Case studies and practical exercises:

This session talks about top vulnerabilities persistent in applications and how to identify using the command and tools available with state of the art incident based real world lab providing you the concept oriented explanation
Technical Coverage:
Application security concepts
Web Vulnerability Assessment and Penetration Testing
Identifying OWASP top 10 vulnerabilities Tools:
Acunetix
Netsparker
GHDB, etc.

Applications are the crown jewels of our digital lives, holding sensitive data and controlling critical systems. Yet, poorly secured apps create gaping holes in our cyber defenses, making them prime targets for attackers.
Identifying and understanding common application vulnerabilities
Implementing secure coding practices in development
Conducting penetration testing for proactive defense
Designing robust access control mechanisms
Setting up continuous security monitoring for real-time defense

This module delves into the vital role of control centres in safeguarding the complex operations of a rail network. We’ll explore their functions, security vulnerabilities, and essential cybersecurity practices to ensure smooth and secure train movement.
Module contents:
Introduction to Rail Control Centres:
Cybersecurity Threats to Rail Control Centres:
Cybersecurity Best Practices for Rail Control Centres:
Case studies and practical exercises:
Emerging Technologies in Rail Control Centre Security:

This session talks about the need for Security Operation Centre (SOC) for an organisation and how it will help to proactively identity the risk that may be posted by malicious threats.
Technical Information:
What is SOC
SOC concepts
SOC methodology
SOC identification and how to use Tools:
SIEM
IDS
Configurations and live lookup

This module equips you with the essential knowledge and skills to ensure the resilience of rail operations in the face of disruptions. We’ll explore key concepts, best practices, and practical methods for protecting critical systems and restoring operations even in challenging situations.
Module contents:
Understanding Disaster Recovery (DR) and Business Continuity (BC):
Developing a Rail-specific DR/BC Plan:
Cybersecurity-focused DR/BC Practices:
Case studies and practical exercises:
Emerging Technologies for Enhanced DR/BC:

This session explain about modern cyber security design and how to maintain the environment with best practices, standards, procedures and methods
Technical Information:
Cyber Security Network and best practice design
Cyber security resilience
Best Practices of Cyber security in organisations

This module dives into the intricate world of regulations influencing cybersecurity within the railway industry. We’ll explore key regulatory frameworks, compliance challenges, and strategies to navigate the ever-evolving landscape, ensuring your railway operations stay on track.
Module contents:
Understanding Railway Cybersecurity Regulations:
Implementing a Compliance Management System:
Railway-specific Cybersecurity Compliance Considerations:
Case studies and practical exercises:
Emerging Trends in Railway Cybersecurity Regulation:

This session explain about the 20 critical security controls and its components designed for professional everyday utility and a discussion based on other concepts handled
Technical Information:
20 Critical Security Components

The future of cybersecurity is bright, powered by the cutting-edge duo of Artificial Intelligence (AI) and Machine Learning (ML). By embracing AI and ML, you can build defenses that are not just reactive, but proactive, predictive, and ever-evolving – a true fortress against the ever-changing landscape of cyber threats. Learning Outcomes:
Understand the potential of AI and ML in cybersecurity
Explore key applications like predictive analytics, automation, and threat hunting
Discover how AI can adapt to evolving threats and outsmart attackers
Learn about the future of cybersecurity powered by these groundbreaking technologies
Gain insights into how to leverage AI and ML to build a robust security posture

The boot camp comprises of 30 packed hours exhibiting state-of-the-art cyber security tools to try and practice is real world Cyber Environment created for learning purpose. • The boot camp has teams to practice red teaming, blue teaming and white teaming exercise to plan, execute, protect, detect and support features. • More than 20 tools will be used for understanding real world cyber threats and prepare on how to mitigate it.