The European Union Agency for Network and Information Security (ENISA) organised the first Conference on Transport Cyber-security, in Lisbon, on January 23. A hundred seventy public and private partners from Europe, representing all transport modes took part in the event and discussed the EU legal framework for cyber-security, its relevance for the transport sector, and explored options for more cooperation.
The conference gave participants the opportunity to analyze cyber-security from a multifaceted and multimodal perspective. They discussed the current legal framework for cyber-security at EU level and its relevance for the transport sector, as well as the need for cooperation in the future.
Maja Markovčić Kostelac, EMSA’s Executive Director, stated:
In this increasingly digital age, we face borderless cyber-security risks and we must take a borderless response to our cooperation across all transport modes
During the discussions, the following points were raised:
- Cyber-attacks targeting transport could lead to serious consequences, result in the loss of lives, and damage the economy. Namely, the transport system should be able to deter attacks and show resilience if they take place. Cyber-security must also ensure safety;
- It is important to look at cyber-security in a holistic manner by addressing not only internet-connected systems, but also the ‘human element’. Cooperation is needed between the technical and operational levels;
- The Directive on Security of Network and Information Systems (NIS Directive) lays a foundation to improve cyber-security and resilience in the transport sector. Where appropriate, specific rules may be needed in certain transport modes;
- Non-regulatory actions should be pursued to deal with cyber threats: information exchange, capabilities building, awareness raising and development of cyber skills. The transport sector should cooperate to set out foundations for a ‘cyber-security culture’;
- As transport is global and interconnected, a close cooperation with international partners and relevant international organisations should continue and be encouraged.
What is more, the discussions show the importance to promote the cooperation between DG MOVE, DG CONNECT, ENISA, EASA, EMSA and ERA to raise the bar for cyber-security in transport. The following actions will be considered:
- Closely follow the NIS Directive implementation giving due consideration to the needs and specificities of each transport mode;
- Encourage the exchange of information and best practices, by including cyber-security as a regular agenda item for discussion in the meetings of the Aviation Security (AVSEC) and Maritime Security (MARSEC) Committees, Stakeholder Advisory Groups on Maritime Security (SAGMAS) and Aviation Security (SAGAS) as well as Land Transport Security Expert Group (LANDSEC).
- Sectorial initiatives will also be encouraged as identified in the recently approved Cyber-security Act;
- Adopt the cross-fertilisation of ideas and experiences among the transport modes by organising meetings or workshops dedicated to cyber-security, and gathering experts from different modes;
- Develop cyber-skills in the transport sector. DG MOVE will support the development of a cyber-security ‘toolkit’ providing appropriate knowledge of good cyber-security practices for transport staff;
- Continue cyber dialogues with third countries and collaborate with international organisations, such as the International Civil Aviation Organization and the International Maritime Organization.