Digitalisation of rail systems increases cybersecurity threats to the IT systems of Rail Infrastructure Managers (IMs) and also of Railway Undertakings (RUs). At EU level, cybersecurity is regulated by Directive (EU) 2016/1148 on the ‘Security of Network and Information Systems’ (NIS). According to NIS, Member States have to develop contingency plans against cyberattacks. As IMs are identified as ‘operators of essential services’ and represent potential targets for cyberattacks, the application of measures according to the NIS Directive is compulsory. IMs also participate in the pan-European Rail ISAC (Information Sharing and Analysis Centre) Platform, whose objective is to develop and share best practices related to cybersecurity.
EIM in action
- EIM has set up a Working Group ‘Security’ (SEC WG) which deals with cybersecurity issues. It aims at advocating the importance of promoting security guidelines instead of mandatory measures due to the different security environments and IT landscapes in the EU;
- EIM promotes best practices in cybersecurity amongst its members and the wider sector;
- EIM participates in RAIL ISAC meetings to exchange views on cybersecurity issues with other stakeholders.
- The issue of cybersecurity was discussed at the last HLIM (High-Level Infrastructure Meeting) in June 2018 in Amersfoort (NL) with the CEOs of IMs;
- EIM responded to EU surveys on possible future cybersecurity actions;
- EIM and its members are actively participating in the RAIL ISAC Platform focusing on information and knowledge sharing in the field of cybersecurity.
- EIM’s SEC WG foresees an increasing participation in the Rail ISAC platform dedicated to cybersecurity. Rail ISAC insights will be monitored among EIM members;
- EIM will continue to promote best practice exchange between its members on cybersecurity matters;
- EIM will tackle cybersecurity topics within a new EIM WG ‘Digital’.
Infrastructure security covers several aspects: terror attacks, vandalism, suicides and metal theft. Risk mitigation and exchange of best practice are crucial for all sensitive sectors, especially rail infrastructure. The latest developments in terrorism have had a significant impact on the perception of security of public transport systems. While no specific binding European legislation exists in this domain, best practices and an ‘Action Plan’ to improve the security of rail passengers are being developed at European level. Each Rail Infrastructure Manager (IM) ensures the security of its network.
EIM in action
- EIM’s Security Working Group (SEC WG) gathers security and cybersecurity experts who exchange views on security and cybersecurity issues and measures;
- EIM advocates the importance of promoting security guidelines instead of mandatory measures due to the different systems in the EU;
- EIM participates in the EU ‘LANDSEC’ meetings organised by the European Commission.
- EIM was appointed member of the EU ‘Rail Passengers Security Platform’. This Platform supports the implementation of the ‘European Commission’s Action Plan’ to improve the security of rail passengers in the EU;
- EIM responded to various EU surveys on possible future actions;
- The measures adopted so far by the European Commission are in line with the position promoted by EIM.
- EIM will actively participate in the ‘Rail Passenger Security Platform’ and its subgroups, as well as in all EU LANDSEC meetings;
- EIM will continue to promote best practice exchange between its members on security matters.