Awareness on Cybersecurity Survey Question Title * 1. PHYSICAL PROTECTION | My company develops the following systems (possible multiple answers): Wireless communication protection Physical surveillance products (cameras, sensors...) Automatic dangerous object identification IoT for infrastructure monitoring & safety Interlocking security Physical access control Security personnel support (drones...) Other OK Question Title * 2. CYBER PROTECTION | My company develops the following systems (possible multiple answers): Antivirus / Antimalware Access control (for computers...) DDoS protection / prevention systems SIEM (Security Information & Event Management) Network securityIndustrial control systems (SCADA protection) IT protection (computers, servers, database etc.) Other OK Question Title * 3. SERVICES | My company delivers the following services (possible multiple answers): Training Assessments and Recommendations Vulnerability analysis Patching - UpdatingContingency plans Response / Mitigation plans and actions Forensics Recovery plans and actions Incident management Certification Other OK Question Title * 4. CERTIFICATION ISO/IEC 27000 SERIES (Information Security Management System Family of Standards) My company is certified My company is NOT certified OK Question Title * 5. WHAT IS CYBERSECURITY FOR YOU | Assign a value to the answers according to your opinion (1 = most important) 1 2 3 4 5 6 an IT issue 1 2 3 4 5 6 a Human Factor issue 1 2 3 4 5 6 a Technological Development of the Product issue 1 2 3 4 5 6 a Standard / Technological Specifications issue 1 2 3 4 5 6 an issue concerning specific company's competences 1 2 3 4 5 6 an issue concerning the entire company's competences OK Question Title * 6. POTENTIAL CYBER THREATS SOURCES AND ACTORS | Cyberthreats to railway systems come from (select of relevant answers according to your opinion): Terrorists Criminals Competitors Foreign intelligence services Activists Malware developers Employees Other OK Question Title * 7. EXPECTATIONS | I expect cybersecurity will modify the following aspects in the railway sector (possible multiple answers) None Technological / Product aspects Standard / Certification aspects Contractual terms in Supply agreements Responsibility aspects towards the Client Other OK Question Title * 8. NEXT ACTIONS | I am interested to take the following actions as a company (1 = most important) 1 2 3 4 5 6 7 8 9 Develop our cyber security culture 1 2 3 4 5 6 7 8 9 Develop an appropriate cyber security capability 1 2 3 4 5 6 7 8 9 Understand our cyberspace to understand our exposure and the potential impact of cyber attacks 1 2 3 4 5 6 7 8 9 Take a risk-based approach to understand the threats we face, the vulnerabilities or weaknesses in our people or technology, the potential consequences of a cyber incident affecting our businesses, and to manage the exposure of our cyberspace 1 2 3 4 5 6 7 8 9 Have governance for cyber security in our organisations 1 2 3 4 5 6 7 8 9 Ensure appropriate cyber security management of our systems and their interfaces 1 2 3 4 5 6 7 8 9 Work with third-party suppliers to manage cyber security in our supply chain 1 2 3 4 5 6 7 8 9 Ensure cyber security measures are applied through the life of the systems we develop 1 2 3 4 5 6 7 8 9 Prepare for and manage cyber security incidents OK FINE