Information published on 25 September 2018 in the UIC electronic newsletter "UIC eNews" Nr 615.

CYRail Final Conference held on 18 September 2018 in Paris

European Project CYRail on rail cybersecurity presents its results during its Final Conference in Paris at UIC headquarters

The CYRail consortium and UIC held the CYRail Final Conference on 18 September at UIC Headquarters in Paris. The conference brought together around 50 participants – including railway suppliers, research groups, railway operators (undertakings and infrastructure managers), EU bodies and standardisation representatives to learn more about cybersecurity for rail and obtain recommendations to address this issue.

Launched in October 2016, and ending on 30 September 2018, CYRail is a two-year collaborative R&D project that has received funding from the Shift2Rail Joint Undertaking under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 730843 addressing the topic “Threat detection and profile protection definition for cybersecurity assessment”. The Consortium was composed of a well-balanced group of 6 partners (Evoleo as coordinator, Euskoiker, Fortiss, UIC, Airbus and ATSEC) from 5 European countries (Portugal, Spain, Germany, France and Sweden) with complementary skills.

The conference was opened by Mr Jacques Colliard, Head of the UIC Security Division, who gave an introductory speech on behalf of UIC. He highlighted UIC’s important role of disseminating the project results, as dissemination is an integral part of its core business of sharing knowledge with its Members. He said: “In the context of increasing digitalisation in the sector, Cybersecurity is a growing constraint and our members are very concerned by the topic and very interested in getting recommendations and standards”.

Mr Thomas Chatelet, representing the European Union Agency for Railways, gave an opening address in which he spoke of the key challenges of cybersecurity and described ERA’s strategy focusing on cooperation building and regulation considerations.

Mr Denis Miglianico, Cenelec TC9X and IEC TC9 Secretary, described the existing framework for standardisation and the ongoing work within TC 9X – WG 26 which was created in June 2017 to produce technical specifications regarding lifecycle, cybersecurity risk assessment, security requirements, acceptance process, operational and maintenance requirements.
To conclude the opening session, Mr Francisco Marques, on behalf of Mr Marc Antoni, Director of the UIC Rail System Department, underlined the importance of considering Security and Safety together, saying that “There is a real need for a “railway system” approach to address cyber security issues”.
The developments and achieved results in the project were then presented by the various work package leaders. The presentations covered risk assessment methodology, early attack and anomaly detection, risk mitigation and countermeasures specification, enhanced alerting and collaborative incident management, cyber resilience mechanism and security requirements specified in protection profile for network separation mechanism.
CYRail results will benefit:

  • Shift2Rail which has funded the project: CYRail has worked together with Shift2Rail X2Rail-1 Project, providing inputs for WP8 – Cybersecurity, to create baselines for future Cybersecure railway signalling systems.
  • Public transport infrastructure managers and operators: CYRail raises awareness on cyber security issues and provides a methodology to access the associated risk, and examples of tools and their integration for Threats Identification and Management.
  • Standardisation Bodies: CYRail provides guidance, based on the best IT industry approaches, for a truly interconnected public transport mode.
  • Rail system providers: CYRail showcases, how threat identification and management, along with countermeasures and mitigations techniques and resilience mechanisms, can greatly decrease the risks of railway transport.
  • Passengers: CYRail contributes to safer public transport with less disruption to daily lives.

The public deliverables, CYRail recommendations brochure, and the presentations given during the day are available on the dedicated website at http://www.cyrail.eu/

For further information please contact Marie-Hélène Bonneau, Senior Advisor Security Division:

bonneau@uic.org