The conference was attended by over 120 experts from the rail, IT, and cybersecurity industries. Sponsored and organized by Hit Rail, specialists in secure communications solutions for the rail sector, the conference provided a forum to consider the current state of cybersecurity, legislative proposals within the EU, and discuss how the rail industry can cooperate to respond more effectively.
Conference participants discussed their support for the proposed EURail-ISAC and how it could be established with the support of organizations such as ENISA (European Union Agency for Cybersecurity). They also discussed how this initiative could be combined with other physical security initiatives on railways, such as the Common Incident Reporting System coordinated by ERA (European Union Agency for Railways), given that these are shared concerns within the rail industry.
Antonio López, CEO of Hit Rail, the conference organizer, stated: “With so many high-level representatives from various organizations and railway cybersecurity experts gathered at the same event, it made sense to discuss solutions for improving cooperation. The speakers’ presentations, the discussions, and the results of the post-conference survey revealed that the majority of attendees are in favor of collaborating to create a cybersecure Single European Rail Area (SERA) by establishing an EU-wide ISAC.”.
The debates are a response to the European Parliament's adoption of the Network and Information Systems Security Directive (NIS Directive). This Directive requires Member States to designate Computer Security Incident Response Teams (CSIRTs), also known as Computer Emergency Response Teams (CERTs). The Directive also establishes a European cooperation group (EU-CSIRT Network), supported by ENISA, which will facilitate the exchange of information between CSIRTs/CERTs on incidents affecting Member States or cross-border incidents.
The NIS Directive emphasizes the need for operators of essential services and digital service providers to take appropriate security measures and notify serious incidents to the relevant national authority (CSIRT/CERT) when they involve a cybersecurity threat.
The CyberSecurity4Rail conference provided an ideal opportunity to discuss the progress to be made. The conference's extensive program included presentations from senior representatives across all industries, including representatives from two EU Directorates concerned with cybersecurity: Carlos Mestre-Zamarreño from DG-MOVE and Dr. Florent Frederix from DG-CONNECT. Other speakers included security expert Corrado Giustozzi from SELTA SpA, Dr. Josef Doppelbauer from ERA, Dr. Libor Lochman from the Community of European Railway and Infrastructure Companies (CER), Marie-Hélène Bonneau from the International Union of Railways (UIC), Rossella Mattioli from ENISA, and numerous senior information security executives from railway organizations and related industries. Hit Rail's technical director, Mick Haynes, gave a detailed presentation on secure networks for collaborative services, and explained how a VPN can protect sensitive data traffic by separating it from other, less secure networks.
In his closing speech, Carlo Borghini, director of Shift2Rail, concluded that the conference had been very constructive and encouraged attendees to collaborate practically, avoiding duplication and divergence, sharing innovation and fighting cybersecurity threats together.
Antonio López, CEO of Hit Rail, stated: “We are delighted with the success of this conference. The high demand for attendance meant we had to expand capacity to 120 attendees, demonstrating the importance of this topic to the industry. The conference has been excellent in its contribution to the sector, exceeding what we, as facilitators, could have anticipated when we conceived it. I am very encouraged by the spirit of cooperation and the shared determination to combat cybersecurity risks and threats.”
