article

How important is an effective cyber-security strategy for the rail sector?

Ahead of his participation at Global Railway Review’s Digital Rail Revolution conference being held in London on 7 November 2019, Tommaso Spanevello, Public Affairs Manager at UNIFE spoke to us about the importance of an effective cyber-security strategy for the rail sector, the opportunities for data-sharing and the need for more cooperation and collaborative research.

How easy is it for the industry to implement measures to safeguard our rail systems from cyber-threats?

Contributing to an effective cyber-security strategy is a core objective for the European rail supply industry. The uptake of digitalisation – through the rise of big data and IoT – redefines rail’s security environment with rail systems becoming more vulnerable to new types of threats. It is therefore important, for rail companies to determine what capabilities they must develop or acquire in order to take full advantage of the data they have while keeping that data safe.

In the 2019-Vision Paper ‘Digital Trends in the Rail Sector’, UNIFE sets its priorities to devise a sound and robust cyber-security strategy. The first step is to develop targeted cyber-security-related skills within each company, notably regarding the detection of cyber-threats and the swift response to them.

Thereafter, security-by-design is another essential piece in the cyber-security chain: Increasing the focus on security aspects during the design process of a product, while ensuring compliance with relevant regulations and standards at an early stage. Research and innovation combined with wide cross-sector cooperation completes the picture to ensure the development of optimal levels of protection against any significant threat.

What do you consider are the biggest hurdles rail continues to face as we get ‘smarter’ and more technically advanced?

UNIFE believes that, in order to fully harness the benefits of data-focused solutions, it is essential to remove barriers to information-sharing between operators (mainline and urban), infrastructure managers and suppliers. Data-sharing would create opportunities to exchange ideas and devise new solutions, enabling the whole sector to develop new knowledge and expertise. Nevertheless, there seems to be little appetite for openness and information-sharing among stakeholders in the rail sector.

Admittedly, there are several types of data which may be regarded as commercially sensitive by rail operators. Therefore, it is necessary to clarify the ownership, access and usage of different types of data. An agreement involving all the relevant parties, together with adequate rules for data-sharing, would appear to be the right step forward.

Furthermore, when it comes to Artificial Intelligence (AI), regulatory complexity linked to the deployment of AI applications can also become a hurdle. Currently, rail must meet strict safety regulations, rules and standards, which were written at a time when AI was merely a concept. Therefore, many existing standards and regulations may have to be reviewed and modified. In this context, ensuring the highest possible levels of safety is a fundamental objective.

How can a joined-up approach to digitalisation be achieved across Europe?

UNIFE is convinced that cooperation among all rail stakeholders is the one element playing a pivotal role in ensuring that our sector successfully embraces the digital transformation and masters the latest trends and services.

A coordinated approach towards digital and technological development within the rail sector is therefore necessary. Rail suppliers and manufacturers are fully engaged in the European Commission’s recent ‘Digital Roundtable’ for rail transport – with UNIFE leading the work on cyber-security.

Close cooperation between suppliers, operators and infrastructure managers is vital to eradicate barriers to data-sharing in the rail ecosystem. Then, exchanging knowledge and strengthening synergies with other concerned businesses on cyber-security will help rail stakeholders to develop effective measures to protect their systems against cyber-threats.

Cooperation and collaborative research are also at the heart of the Shift2Rail Joint Undertaking model, bringing together whole rail innovation ecosystems. Finally, transparent collaboration between suppliers, railway undertakings and infrastructure managers will be needed in order to maximise the contribution of AI-based technologies to the rail sector.