Basic protection measures are no longer enough. More cybersecurity expertise is needed to build up secure digital capacities for Europe’s rail sector to charge forward.
On November 13, 2020 — the European Union Agency for Cybersecurity (ENISA) released its Cybersecurity in Railways report at the joint ENISA and European Union Agency for Railways (ERA) webinar to bring awareness to the most pressing cybersecurity challenges facing Europe’s rail sector. The report identifies the current cybersecurity status and challenges, and provides an analysis of the sector’s regulatory context. According to the report, the sector needs enhanced cybersecurity measures to combat challenges and move ahead smoothly. The ENISA publication is based on input gathered over the past two years from operators of essential rail services from 21 EU Member States.
ENISA and the ERA are co-organising today’s webinar to present the Agencies’ joint activities and to stress the importance of cybersecurity to railway stakeholders as they face a complex regulatory system that requires a deep understanding of operational cybersecurity actions. In addition, European rail is undergoing a major transformation of its operations, systems and infrastructure due to digitisation, mass transit and increasing interconnections. This has led to the reallocation of responsibilities, and the separation of railway systems and infrastructure, which both affect the sector’s IT systems and require cybersecurity capabilities. The implementation of these cybersecurity requirements is fundamental for the sector’s digital enhancement and security.
ENISA’s Executive Director Juhan Lepassaar and ERA’s Executive Director Josef Doppelbauer will open the event with keynote speeches focusing on the importance of streamlined actions to enhance cybersecurity and capacity building for the rail sector. This webinar is a first step in the Agencies’ collaboration to boost cybersecurity in the European rail sector. A joint conference is scheduled for March 2021. Today’s webinar is being held virtually at 10:00-11:00 a.m. CET. More can be found on the ERA event page: Free webinar: Cybersecurity in Railways.
Mr. Juhan Lepassaar, Executive Director of the EU Agency for Cybersecurity, stated: “Europe’s rail sector is at the crossroads of digitalisation. Cooperation among all stakeholders, public and private, is one step to tackle the sector’s challenges and protect our core infrastructure, a step in the right direction for the implementation of NIS Directive and a digitally secure Europe.”
The Cybersecurity in Railways report assesses the implementation in Member States of the Networks and Information Security Directive (NIS Directive), the first EU-wide cybersecurity legislation working to enhance cybersecurity across the Union. The ENISA publication points to the numerous challenges cited by operators of essential services when enforcing the NIS Directive, including: an overall lack of cybersecurity awareness in the sector and challenges of operational technology; a strong dependency on the supply chain; the presence of legacy systems; complexities due to the high number of systems to be secured and managed; conflicts between safety and security mind-sets. The report also emphasises the need to find the right balance between cybersecurity, competitiveness and operational efficiency.
The EU Agency for Cybersecurity plays a major role in the implementation of the NIS Directive by supporting Member States and the private sector in achieving a higher level of cybersecurity through the ENISA annual work programme. Over the years, the Agency has collaborated closely with railway undertakings and infrastructure managers on the implementation of the NIS Directive, as well as with the ERA on cybersecurity for the European Rail Traffic Management System. The Agency also supports the European Railway Information Sharing and Analysis Centre (ER-ISAC) and offers expertise in the CEN CENELEC technical committee on Technical Specifications for Rail.
Last year, the Agency teamed up with the ERA, the European Commission (DG MOVE), the European Aviation Safety Agency (EASA) and the European Maritime Safety Agency (EMSA) to produce the first Transportation Cybersecurity Conference, where international organisations, private industry, regulators, academia, and the management of EU Decentralised Agencies and the European Commission highlighted the need for increased cybersecurity across Europe’s transportation sector.
For questions related to the press and interviews, please contact press (at) enisa.europa.eu.