ENISA, the EU Agency for Cybersecurity, and ERA, the EU Agency for Railways, held a jointly organised online conference on rail cybersecurity on 16 and 17 March. The event brought together more than 600 experts from railway organisations, policy, industry, research, standardisation and certification.
The European Commission has proposed the revision of the Network Information Security Directive (NIS2) to strengthen the cybersecurity measures to be adopted by the Member States and applied, among others, by European railway undertakings (RU) and infrastructure managers (IM).
DG MOVE encourages awareness-raising among railway stakeholders by promoting the use of its cybersecurity toolkit, which is available publicly at https://ec.europa.eu/transport/themes/security/cybersecurity_en
Cybersecurity is now a major concern for national safety authorities. The Etablissement public de sécurité ferroviaire (EPSF, the French rail safety authority) has documented the associated challenges in a white paper produced in collaboration with the French IM and main RU, the French Cybersecurity Agency (ANSSI) and ERA. The white paper is available at https://www.era.europa.eu/content/publication-white-paper-cybersecurity-railways_en
In the area of standardisation, CENELEC’s Technical Committee 9X, “Electrical and electronic applications for railways”, aims through European technical specification TS 50701 to introduce requirements and provide recommendations for addressing cybersecurity within the railway sector. A published version of the technical specification is expected before the summer.
ERA highlighted three other ongoing activities involving UIC, which are being followed closely by the Agency:
- The European Railway Information Sharing and Analysis Centre (ER-ISAC), hosted by UIC, plays a key role in coordination, sharing of information and strategic vision for railway cybersecurity.
- The UIC Cybersecurity Solution Platform (CSSP) takes a pragmatic approach and aims to categorise concrete solutions for critical railway telecoms networks.
- Shift2Rail’s 4SECURail project is developing a proposal for a European Computer Security Incident Response Team, which would enable instant sharing of identified threats with targeted railway stakeholders.
It is also worth mentioning the EU SAFETY4RAILS project, which aims to increase railway infrastructure resilience against combined cyber-physical threats. UIC is responsible for coordinating end user requirements and for organising testing and evaluation of the platform to be developed. This two-year project started a few months ago and ERA is a member of the advisory board.
Cybersecurity is a key challenge for the railways, and UIC is actively involved in numerous activities at different levels to respond to this challenge.