ENISA has announced the release of its report – Railway Cybersecurity – Good Practices in Cyber Risk Management for railway organizations.
European railway undertakings (RUs) and infrastructure managers (IMs) need to address cyber risks in a systematic way as part of their risk management processes. This need has become even more urgent since the Network and Information Security (NIS) Directive came into force in 2016.
Objectives of the report
The purpose of the report is to provide European RUs and IMs with applicable methods and practical examples on how to assess and mitigate cyber risks.
The good practices presented are based on feedback from railway stakeholders. They include tools, such as assets and services list, cyber threat scenarios and applicable cybersecurity measures, based on the standards and good practices used in the sector. These resources can be used as a basis for cyber risk management for railway companies. They are therefore intended to be a reference point and to promote collaboration between railway stakeholders across the EU while raising awareness on relevant threats.
