European Commission Hosts First Transport Cybersecurity Conference

Transport, like many other areas of society, is becoming increasingly digital. As a result, cybersecurity is one of the main challenges for the sector.
The European Commission has responded to this by teaming up with the European Union Agency for Network and Information Security (ENISA), the European Union Aviation Safety Agency (EASA), the European Maritime Safety Agency (EMSA) and the EU Agency for Railways (ERA). Together, they hosted the 1st Transport Cybersecurity Conference in Lisbon, Portugal, on 23 January 2019.

The EMSA headquarters in Lisbon were the venue for the First Transport Cybersecurity Conference © Travus under licence

Both national authorities and stakeholders attended the conference. Representing all transport modes, they discussed the European Union’s legal framework for cybersecurity. They also talked about ways in which the different sectors could collaborate further.

Importantly, participants agreed they had to share information. To increase their resilience to cybersecurity threats, they also have to share best practices, they said.

Key Points of the Cybersecurity Conference

Cyber-attacks pose a serious and potentially fatal threat. European transport systems must show resilience.

Participants said it was important to look at the human element as well as addressing internet-connected systems. This requires co-operation between technical and operational levels.

So far the EU Directive on Security of Network and Information Systems provides a solid foundation to increase cybersecurity and resilience in transport.

There are non-regulatory actions industry members are and should be taking. These include exchanging information, building capabilities, raising awareness and developing cyber skills. All these aspects should contribute to a cybersecurity culture.

Furthermore, it is vital to work closely with international partners and organisations because transport is both global and interconnected.

The conference also highlighted how important it is for DG MOVE, DG CONNECT, ENISA, EASA, EMSA and ERA to work together on cybersecurity in transport.

These organisations are considering the following actions:

To follow the NIS Directive closely. Cybersecurity must be a regular agenda item during meetings of the Land Transport Security Expert Group (LANDSEC) for example. The European Union will encourage sectoral initiatives that are stated in the Cybersecurity Act. Furthermore, there must be sharing of ideas through meetings and workshops dedicated to the topic. This will bring experts from different transport modes together.

Importantly, DG MOVE will support the development of a cybersecurity toolkit. This will give transport staff training and knowledge on good cybersecurity.

Finally, cyber-dialogues with third countries must continue, as must c0-operation with international organisations.