ENISA supports the development of cybersecurity capabilities in the Railway Sector
Rail sector
The Railway Sector is undergoing a major transformation of its operations, systems and infrastructure due to the digitisation of OT and IT systems and infrastructure, the automation of railway processes, the issues of mass transit and the increasing numbers of interconnections with external and multimodal systems.
The main players within this sector are the railway undertakings (RU), in charge of providing services for the transport of goods and/or passengers by rail, and the infrastructure managers (IM), in charge of establishing, managing and maintaining railway infrastructure and fixed installations, including traffic management, control-command and signalling, but also station operation and train power supply. Both are within the scope of the NIS Directive, and their identification as operators of essential service (OES) respects the transposition of laws to the majority of Member States.
The European Union Agency for Cybersecurity supports cybersecurity capabilities in the Railway Sector by:
- Issuing guidance and recommendations together with the community
- Organising physical and virtual events;
- Participating in discussions with the railway community on regulatory matters;
- Validating activities through a dedicated subgroup in TRANSSEC;
- Contributing to the standardisation of activities.