Closing keynote address: “Achieving an EURail-ISAC, without replication or over-regulation...”

Carlo Borghini, Executive Director of Shift2Rail, gave the closing keynote, addressing the panel debates. Sgnr Borghini noted that we are in a sector whose nature, whose IT, and whose services are evolving rapidly with innovations in many quarters.

Shift2Rail was presented as a public-private partnership R&I platform for railways working together to drive innovation until 2024. User-centred mobility was emphasised as a priority – putting the user first.

The main conclusions are that advancement starts at the top (cyber hygiene [1]); is done by design; means moving from behind to the leading edge; and builds trust and cooperation within the “railway intelligence community” together with those who can bring outside expertise.

Progress towards a Rail ISAC must define objectives, participation, exchange of information (including with CSIRT/CERT), events reporting, solutions, working together, etc., but not by over-regulation.

Sgnr Borghini concluded that from this very constructive conference we must take away the messages on how to collaborate in practical ways, reducing replication and divergence, sharing innovation in combatting cyber threats, and making railways safer.


[1] Cyber Hygiene definition and profile - https://en.wikipedia.org/wiki/Cyber_hygiene



“CyberSecurity4Rail” Railway Industry Conference - Brussels 4th October 2017

Conference Report

  1. Welcome and overview: “Co-operation is essential in the quest to manage technology and people for security”
  2. Cyber security – don’t be a victim: “Information is power and control of information has unexpected consequences”
  3. The regulators’ view on cyber security: “Multi-modal transport requires data exchange and interconnection”
  4. Security in the SERA – policy considerations: “The need for common understanding, guidelines and best practices”
  5. The Network and Information Security Directive (NIS Directive): “A host of European actions in cyber security”
  6. The railway sector perspective on cyber security: “Integrated approach to security and safety without duplication”
  7. How airlines protect against cyber-attack: “Adversaries are not systems, but people who are smart and who pursue goals”
  8. Secure networks for collaborative services: “Networks are the risk – meshed networks provide a segmented and secure response”
  9. First panel discussion: “Product liability, staff training & awareness, information sharing in both safety and security…”
  10. Cyber security and resilience of transport infrastructure: “Current European initiatives in cyber security supporting Rail”
  11. Perspectives from a European railway operator: “Trains as data centres – protecting train IT as a cyber-crime target”
  12. Lessons learned from EU projects SECRET and CYRAIL: “Rail as critical infrastructure requires strong projects to protect it”
  13. Perspectives of a railway infrastructure manager: “Extensive premises, public accessibility – DB managing security risks”
  14. The telecommunications view: “Risk management depends on agility”
  15. The IT provider view: “Understand vulnerability and develop avoidance and mitigation strategies”
  16. Second panel discussion: “The need for co-ordinated action”
  17. Closing keynote address: “Achieving an EURail-ISAC, without replication or over-regulation…”
  18. The Way Forward: “Establishing a European Railway ISAC based on a common understanding”
  19. Annexe - Conference Evaluation Summary – Consensus



 
