In the afternoon, the focus on implementing the NIS Directive was initiated by Rossella Mattioli, Security and Resilience of Networks Officer, ENISA [1], who presented further details on the cyber security and resilience aspects of transport infrastructure. To set the context, ENISA's activities were presented; these include numerous cyber security related publications, as well as actions such as Cyber Europe, an annual exercise around the IT, telecommunication and cybersecurity industries. The exercise includes technical incidents for the participants to analyse, covering forensic and malware analysis, mobile infection, open source intelligence, drones, etc.
Concerning the NIS Directive, ENISA provides information, advice and support for specific initiatives in areas such as Finance, Internet of Things (IoT), Smart Infrastructure, eHealth and Smart Hospitals, as well as Smart Cities (shown to be systems of systems).
ENISA is now also focused on transport, following events such as the San Francisco railway hacking, and presented cyber security for transport in a Smart Cities context – attack scenarios, threat analysis, good practice/security measures, and collaborations to enhance cyber security. Cooperation is emphasised since common threats are faced. Smart Cars are a new attack surface in the transport area; airports and SCADA were also addressed (reports available online [2]).
ENISA will soon bring more focus on Rail transport, and recommends in the meantime:
- Consider the cyber security impact on safety.
- Include cyber security in your governance model in order to define liabilities.
- Ensure you consider cyber security in all stages of the life cycle of products and services.
- Consider network connectivity and interdependencies and cascading effects.
- Start reusing existing good practices from other sectors, for example for SCADA.
The goals of ENISA could be a useful reflection for the proposed railway cooperation mechanism:
- Raise the level of awareness on Infrastructure security in Europe.
- Support Private and Public Sector cooperation with focused studies and tools.
- Facilitate information exchange and collaboration.
- Foster the growth of communication networks and industry.
- Enable higher levels of security for Europe’s Infrastructures.
[2] ENISA Reports
Airports - https://www.enisa.europa.eu/air
Road - https://www.enisa.europa.eu/
SCADA - https://www.enisa.europa.eu/scada
“CyberSecurity4Rail” Railway Industry Conference - Brussels 4th October 2017
- Welcome and overview: “Co-operation is essential in the quest to manage technology and people for security”
- Cyber security – don’t be a victim: “Information is power and control of information has unexpected consequences”
- The regulators’ view on cyber security: “Multi-modal transport requires data exchange and interconnection”
- Security in the SERA – policy considerations: “The need for common understanding, guidelines and best practices”
- The Network and Information Security Directive (NIS Directive): “A host of European actions in cyber security”
- The railway sector perspective on cyber security: “Integrated approach to security and safety without duplication”
- How airlines protect against cyber-attack: “Adversaries are not systems, but people who are smart and who pursue goals”
- Secure networks for collaborative services: “Networks are the risk – meshed networks provide a segmented and secure response”
- First panel discussion: “Product liability, staff training & awareness, information sharing in both safety and security…”
- Cyber security and resilience of transport infrastructure: “Current European initiatives in cyber security supporting Rail”
- Perspectives from a European railway operator: “Trains as data centres – protecting train IT as a cyber-crime target”
- Lessons learned from EU projects SECRET and CYRAIL: “Rail as critical infrastructure requires strong projects to protect it”
- Perspectives of a railway infrastructure manager: “Extensive premises, public accessibility – DB managing security risks”
- The telecommunications view: “Risk management depends on agility”
- The IT provider view: “Understand vulnerability and develop avoidance and mitigation strategies”
- Second panel discussion: “The need for co-ordinated action”
- Closing keynote address: “Achieving an EURail-ISAC, without replication or over-regulation….”
- The Way Forward: “Establishing a European Railway ISAC based on a common understanding”
- Annexe - Conference Evaluation Summary – Consensus