Welcome and overview: “Co-operation is essential in the quest to manage technology and people for security”

Helmut Grohman, Chair of Hit Rail, opened the conference and identified that digital security must be in the DNA of the Railway Sector. Herr Grohman shared many examples of recent security breaches that demonstrate widespread practices putting data, information and control systems at risk. Practices inside and outside organisations, as well as company arrangements for cyber security, indicate a broad range of risks arising from technology and people – their relationship is crucial. Herr Grohman emphasised that there are no easy technical solutions to management, but there are management solutions to technology and people. We need to manage technology and people in ways that ensure security, and we can only do that through cooperation in a European sector where everything is interconnected and therefore interdependent.

Herr Grohman clearly states criminals are often one step ahead of so-called security experts, and so time to react is becoming vital - we are in the middle of an intelligence race – and we need to win!

It was noted by Karin Helmstaedt, the conference moderator, that Mr Junker in his “state of the union address”1 emphasised cyber security, and noted that “wannacry”2 affected systems in 150 countries – no country and no organisation is free from the attention of cyber criminals, and collaborative improvement of cyber security is the only remedy.

1 President Juncker “State of the Union” 2017 - https://ec.europa.eu/commission/state-union-2017_en
2 “wannacry” ransomeware attack - https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

“CyberSecurity4Rail” Railway Industry Conference - Brussels 4th October 2017

Conference Report

  1. Welcome and overview: “Co-operation is essential in the quest to manage technology and people for security”
  2. Cyber security – don’t be a victim: “Information is power and control of information has unexpected consequences”
  3. The regulators’ view on cyber security: “Multi-modal transport requires data exchange and interconnection”
  4. Security in the SERA – policy considerations: “The need for common understanding, guidelines and best practices”
  5. The Network and Information Security Directive (NIS Directive):
    “A host of European actions in cyber security”
  6. The railway sector perspective on cyber security: “Integrated approach to security and safety without duplication”
  7. How airlines protect against cyber-attack: “Adversaries are not systems, but people who are smart and who pursue goals”
  8. Secure networks for collaborative services: “Networks are the risk – meshed networks provide a segmented and secure response”
  9. First panel discussion: Product liability, staff training & awareness, information sharing in both safety and security…”
  10. Cyber security and resilience of transport infrastructure: “Current European initiatives in cyber security supporting Rail”
  11. Perspectives from a European railway operator: “Trains as data centres – protecting train IT as a cyber-crime target”
  12. Lessons learned from EU projects SECRET and CYRAIL: “Rail as critical infrastructure requires strong projects to protect it”
  13. Perspectives of a railway infrastructure manager: “Extensive premises, public accessibility – DB managing security risks”
  14. The telecommunications view: “Risk management depends on agility”
  15. The IT provider view: “Understand vulnerability and develop avoidance and mitigation strategies”
  16. Second panel discussion: “The need for co-ordinated action”
  17. Closing keynote address: “Achieving an EURail-ISAC, without replication or over-regulation….”
  18. The Way Forward: “Establishing a European Railway ISAC based on a common understanding”
  19. Annexe - Conference Evaluation Summary – Consensus


Media Partners: