The Australian Standard AS 7770:2018 – Rail Cyber Security (“The Standard”) specifies the requirements for Rail Transport Operators (RTOs) for managing cyber security risk on the Australian Railway Network.

This guideline accompanies the Standard and provides implementation guidance for organisations seeking to implement (or needing to comply with) the requirements of the Standard.

This guideline needs to be read in conjunction with the Standard.

The Standard applies primarily to rail transport operators (RTOs), industry suppliers, subcontractors and maintenance contractors who are operating in an industry which is facing new and emergent risks of cyber security attack on critical infrastructure and have changed expectations from industry participants for the effective management of cyber security risks.

This guideline has been authored to address a primary audience of engineering and technology managers in these organisations. It is assumed that they have a general understanding of cyber security principles, rail safety, and control systems.

Secondary audiences for this guideline include personnel working in these organisations with interests in governance, leadership, strategy, safety, risk management, programme management, technology and compliance.