The conference organized by ERA and ENISA raises awareness among important railway decision makers, and provides factual solutions to tackle the vulnerabilities caused by cybersecurity threats. As the regulatory framework is of utmost importance, and as it represents the first line of action to defend the European railway system, its relevant aspects are discussed during the event, as well as other EU initiatives aimed at increasing the resilience of the rail sector when exposed to such risks.
Cybersecurity awareness is certainly gaining momentum, incentivizing the rapid development of impactful programmes, such as: threat landscape by ENISA, national Computer Security Incident Response Team (CSIRT) for rail in several Member States, and internal information campaigns in Railway Undertakings.
Considering the information needs expressed by the participants, the discussions are focused on cybersecurity challenges, policy aspects, safety aspects, stakeholders’ feedback on cybersecurity implementation, and standardisation and Research&Innovation. Moreover, speakers deliver hands-on feedback on concrete projects (e.g., how cybersecurity is tackled at SNCF Voyageurs for vehicle design, or how Dutch Railways are coping with the Directive on security of network and information systems), thus relating the theoretical approach to the practice, showcasing the importance of cooperation and data exchange.
“Cybersecurity is a vital topic when discussing about the future of rail, as the European railway system falls under critical infrastructure, and it is exposed to several cyber threats ranging from infrastructure, safety systems, passenger information system, passenger interface to administrative aspects and authority activities” said Josef Doppelbauer, ERA Executive Director. He also added that in his opinion “the sector must reflect and further discuss about considering cybersecurity a design requirement of the system, as safe operations have to be solidly rooted in physical reality. The IT security of the rail system has to be maintained throughout the development, operating, maintenance, and decommissioning.”
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “As the digitalisation of the rail sector takes place, it is likely to face cybersecurity challenges. ERA and ENISA, together with relevant public and private stakeholders, cooperate to identify threats and develop appropriate measures to improve the maturity and preparedness of the sector”
About the ERA – ENISA conference: Further details, Agenda including, are published on ERA’s and ENISA’s websites.
About ENISA: The European Union Agency for Cybersecurity - ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow.
To contact ENISA’s Press Office and access media material: https://www.enisa.europa.eu/media
About the EU Agency for Railways: The European Union Agency for Railways was established in Valenciennes in 2004, and has 188 employees representing more than 22 European Member States.
ERA has been providing EU Member States and the European Commission with technical assistance in the development and implementation of the Single European Railway Area. This comprises enhancing technical interoperability and harmonising rules, promoting simplified access for customers, developing a common approach to safety and safety culture, advising on telematics applications and ERTMS (European Rail Traffic Management System), monitoring National Safety Authorities and Notified Bodies and facilitating the exchange of information between the railway actors in Europe.
Since 16th June 2019 the EU Agency for Railways is mandated to issue single safety certificates and vehicle (type) authorisations valid in multiple European countries and to ensure an interoperable European Rail Traffic Management System.