Cybersecurity

Objective

The digitalisation of rail increases cybersecurity threats for IT systems for Rail Infrastructure Managers (IMs) but also Railway Undertakings (RUs). On EU level, cybersecurity is regulated by Directive (EU) 2022/2555 on “Measures for a high common level of cybersecurity across the Union” (NIS2). According to NIS2, Member States have to develop contingency plans against cyberattacks. As IMs are identified as “operators of essential services” and represent potential targets for cyberattacks, the application of measures according to the NIS2 Directive is compulsory. IMs also participate in the pan-European Rail ISAC (Information Sharing and Analysis Centre) Platform, whose objective is to develop and share best practices related to cybersecurity.

EIM in action

  • EIM’s Working Group on “Cybersecurity” (Cyber WG) deals with cybersecurity issues. It aims at advocating the importance of promoting security guidelines instead of mandatory measures due to the different security environments and IT landscapes in the EU.
  • EIM promotes exchanges of information and best practices related to cybersecurity amongst its members and the wider sector.
  • EIM participates in RAILSEC and LANDSEC meetings of the EC to exchange on cybersecurity issues with other stakeholders.
  • EIM coordinates with the sector, ERA, ENISA and DG MOVE on the relevant aspects of the NIS2 regarding cross border railways operations as an essential service.
©FTIA

EIM actions in 2022

  • EIM’s Cyber WG promoted exchanges of best practices among experts of IMs on cyber-risk management, Incident Response, skills and training.
  • EIM followed-up the progress of the legislative process of the new NIS2 Directive. 
  • EIM participated in RAILSEC and LANDSEC meetings and ENISA/ERA activities and webinars related to cybersecurity.
  • EIM promoted the creation of a Joint WG with UNIFE and CER to discuss matters of common interest
  • EIM’s Cyber WG discussed the possibility to merge with the EIM Security WG for a more efficient exchange between these two domains.

Outlook 2023

  • EIM will assess the possibility to merge the Sec WG with the Cyber WG to forge stronger links between the two domains for a more coherent and holistic approach to rail prevention and resilience.
  • EIM will develop new initiatives for a stronger cooperation and exchange with other rail stakeholders (CER and UNIFE) and within the framework of the Rail ISAC platform on cybersecurity.
  • EIM will continue promoting the exchange of best practice among its members on cybersecurity matters.
  • EIM will continue attending the EC LANDSEC and RAILSEC meetings
EU LEGISLATION INFRASTRUCTURE MANAGERS

Infrastructure Security

Objective

Infrastructure security covers several aspects: terror attacks, vandalism, suicides and metal theft. Risk mitigation and exchange of best practice are crucial for all sensitive sectors, especially rail infrastructure. The development of terrorism during these last few years has had a significant impact on the perception of security of public transport systems. While no specific binding European legislation exists in this domain, best practices and an ‘Action Plan’ to improve the security of rail passengers are being developed at European level. Each Rail Infrastructure Manager (IM) ensures the security of its network.

EIM in action

  • EIM’s Security Working Group (Sec WG) gathers security experts who exchange on security issues and measures.
  • EIM advocates the importance of promoting proportional security guidelines instead of mandatory measures due to the different systems in the EU.
  • EIM participates in the EU ‘LANDSEC’ and ‘RAILSEC’ meetings organised by the European Commission.
©ADIF

EIM actions in 2022

  • EIM contributed to exchanges in the EC LANDSEC and RAILSEC groups on the major challenges for IMs related to the security of passengers.
  • The EIM Sec WG held informal meetings to review the focus of the group and the active participation of EIM experts.
  • Considering the overall trends of security issues in the EU, the WG concluded that a merger with the EIM WG Cybersecurity could increase the overall synergies between the two domains and the efficiency of EIM’s management of both WGs. 

Outlook 2023

  • EIM will continue promoting the exchange of best practice between its members on security matters.
  • EIM will continue attending the EC LANDSEC and RAILSEC meetings
  • EIM will assess the possibility to merge the Sec WG with the Cyber WG to forge stronger links between the two domains for a more coherent and holistic approach to rail prevention and resilience.