Security
Cybersecurity
Objective
The digitalisation of rail increases cybersecurity threats for IT systems of Rail Infrastructure Managers (IMs). This has been recognised in the EU NIS2 Directive and other relevant legislation. They identify IMs as ‘operators of essential services’ and as potential targets for cyberattacks.
IMs are also involved in the pan-European Rail ISAC (Information Sharing and Analysis Centre) Platform, whose objective is to develop and share best practices related to cybersecurity.
EIM in action
- EIM continues to participate in two EC platforms, i.e. “Rail Sec” (EC Rail Passengers Security Platform – EC Expert Group) and “Land Sec” (EC Land Transport Security Platform – EC Expert Group), which meet on a quarterly basis.
- In January 2023, EIM’s WG “Cybersecurity” and WG “Security” were merged to form the new WG “SEC/CYBER”.
- EIM has also created a joint WG “Cybersecurity” with CER and UNIFE.
EIM actions in 2023
- The WG “SEC/CYBER” held its kick-off meeting in February 2023.
- EIM continued to exchange with the rail sector but also other stakeholders on cyber issues, such as the ERTMS User Group (EUG) and the EU Rail JU (System Pillar).
- In late 2023, EIM appointed a new WG Chair who reviewed the WG mandate.
Outlook 2024
- The WG “SEC-CYBER” will increase its exchange with other EIM technical and business WGs of EIM to ensure a harmonised approach to digitalisation and cyber safety of ERA‘s TSIs.
- EIM will engage with ERA in the inclusion of cyber aspects in the future TSIs (CCS, OPE, LOC&PAS, INFRA, ENE…) during the next TSI revision cycle.