The European Union Agency for Cybersecurity (ENISA) released in November 2020 its “Cybersecurity in Railways” report to raise awareness about the cybersecurity challenges facing Europe’s railways. The report identifies the current cybersecurity status and challenges as well as proposes cybersecurity measures to combat these challenges and enhance the sector’s security posture. The report is based on data gathered over the last two years from the operators of essential rail services in 21 EU Member States.The EU railway landscapeThe railway sector is a critical infrastructure for the development of the European Union and its member states since it enables the transportation of goods and passengers within countries and across borders. The key entities for the provision of these services are:The railway undertakings (RU), who are responsible for the transport of goods and passengers by rail.The infrastructure managers (IM), who are responsible for the establishment, operation and maintenance of railway infrastructure including traffic management, command, control and signaling, station operation and train power supply.Both entities and the railway sector in total are identified as Operators of Essential Services (OES) in the NIS Directive, and they must be compliant to the security requirements of the Directive. To establish and maintain compliance, railway entities must implement the cybersecurity measures defined by the NIS Directive Cooperation Group, which are grouped in four categories:Governance and ecosystem – Information system security governance and risk managementProtection – identity and access management, physical securityDefense – Crisis management and business continuityResilience – Incident response and man ..
Support the originator by clicking the read the rest link below.
