Boarding towards a safe and secure Public Transport. Mind the gap!

Back to News

ENISA proposes guidance to secure critical assets and data exchange for Intelligent Public Transport in Smart Cities.

In smart cities, Intelligent Public Transport (IPT) rely on IoT and cyber-physical systems to retrieve, process, and exchange data. These technologies bring improvements in the service and the quality of life of citizens.

With these emerging technologies, cyber threats have raised on Intelligent Public Transport. Recently, a transport system was disrupted for several days due to radio interference with telecommunication systems; failures of ICT central servers has led to the global outages of a metro system; smart tickets have been hacked for fraud. These threats have an impact on the business and potential consequences on the health and safety of citizens.

Yet, IPT operators and municipalities are only gradually coming to terms with the consequences of cyber threats. Current limitations include the lack of corporate governance for IPT security and associated investments; difficulties to integrate security for safety systems as cyber security for IPT remains unclear; as well as the lack of a common EU approach to intelligent public transport security.

Through two studies, ENISA raises awareness and provides practical solutions to enhance cyber security. For that purpose, ENISA proposes several key recommendations:

  • The European Commission and Member States should foster knowledge exchange and collaboration in cyber security among industry, Member States and municipalities
  • IPT operators should integrate cyber security in their corporate governance
  • IPT Operators should develop a clear definition of their security requirements
  • Manufacturers and solution providers should create products/solutions that match the cyber security requirements of IPT end-users


Prof. Udo Helmbrecht, Executive Director of ENISA, commented: 'Smart infrastructure and smart devices are no longer a thing of the future, they are currently being rolled out across the EU. ENISA sees the security of such infrastructure as being a key success factor. Ensuring adequate protection of citizens will remove barriers to implementation and help promote economic growth through innovation'.

As smart cities keep growing in significance, ENISA responds by developing two guidelines that highlight good practices 1) to protect the critical assets of an IPT system and 2) to secure data exchanges between an IPT operator and other stakeholders in Connected and Smart Cities.

For full report:

Security and Resilience of Intelligent transportation systems 
Cyber security for Smart Cities: An architecture model for public transport

For technical information:

Dr Cédric Lévy-Bencheton, NIS expert, at cedric.levy-bencheton@enisa.europa.eu

For interviews and press inquiries please contact press@enisa.europa.eu , Tel. +30 2814 409576