Building cyber secure Railway Infrastructure
The European Union Agency for Cybersecurity (ENISA) delivers a joint report with the European Rail Information Sharing and Analysis Center (ISAC) to support the sectorial implementation of the NIS Directive.
The report released is designed to give guidance on building cybersecurity zones and conduits for a railway system.
The approach taken is based on the recently published CENELEC Technical Specification 50701 and is complemented with a guidance to help railway operators with the practical implementation of the zoning process.
The work gathers the experience of the European Rail ISAC and of their members such as European infrastructure managers and railway undertakings, which are Operators of Essential Services (OES) as defined in the Security of Network and Information Systems (NIS) directive and is designed to help them implement the cybersecurity measures needed in the zoning and conduits processes.
A number of requirements are set, such as:
- Identification of all assets and of basic process demands;
- Identification of global corporate risks;
- Performing zoning;
- Checking threats.
A risk assessment process is developed based on standards for the identification of assets and the system considered, and for the partitioning of zones and conduits. The report also addresses the cybersecurity requirements in terms of documentation and suggests a step-by-step approach to follow.
The report is released on the occasion of the General Assembly meeting of the European Rail ISAC which is taking place today.
The EU Agency for Cybersecurity engages closely with the European Rail Agency (ERA) to support the railway sector and is to host a joint event with ERA later this year.