Rail ISAC feedback kick-off meeting 5 th of June 2018 Lille

TAP/TAF JSG 27 th of June - Prague EIM Technical Advisor - Javier Moreno Introduction

When? On Tuesday the 5 th of June, EIM attended the kick-off RAIL ISAC – Exploratory meeting ‘Creation ISAC - Information Sharing and Analysis Center’ representing the European Rail Infrastructure Managers.

What? This initiative was set up by Infrabel and DB Netze with the support of ENISA (European Union Agency for Network and Information Security). The meeting was hosted by the EUAR and there were different attendees representing RUs, IMs and stakeholders such as HitRail, ERTMS UG, EIM. The European Commission also attended.

Why? The RailISAC should be the placeholder for IMs and RUs to exchange information on cybersecurity threats and best practices to mitigate those. The participants considered that the ISAC should be a sectorial one, including at first only RUs and IMs to be able to develop a culture of trust. Create trust building Community Information Sharing: Incidents, threats, vulnerabilities, mitigation measures, best practices, strategic analysis Analysis: Trends analysis, early warnings Content (1/4)

• Antecedents: • Existing EUROPEAN ISACs • FI ISAC - FINANCIAL • EE ISAC - ENERGY

Ï Content (2/4)

• Presentations: There were different presentations during the meeting: • Presentation from ENISA - FLORIAN PENNINGS (SNE from Netherlands to ENISA) • Presentation made by Infrabel - OLIVER DE VISSCHER AND PETER VAN DEN BOSSCHE • Presentation made by DB Netze - CHRISTIAN SCHLEHUBER • Presentation made by the EUAR - THOMAS CHATELET Content (3/4) Content (4/4) Conclusions ‰Preliminary Steps: - Request from key stakeholders to consider the possibility to share information on cybersecurity in a railway context -EU institutions support the initiative (ERA, ENISA, DG MOVE) -High interest from the sector: • 10 IMs: , DB Netz, Infrabel, , ÖBB, ProRail, RFI, SBB, SNCF R, SZDC • 3 RUs: NS, SNCB, SNCF Mobilités • EIM / ERTMS UG / HitRail • 2 Transport Administrations

‰Info sharing: -Incidents, threats, vulnerability, situation awareness, mitigation measures, best practices, strategic analysis. -Trust building first step: consolidated, stable group needed (building, not enforcing). -Important to set a code of conduct and codify exchange of information on TLP (traffic light protocol) basis

‰ Purpose: -Increase the awareness of cybersecurity in the railway sector (threats, vulnerabilities, lessons learnt…) -Share cybersecurity strategies and to adapt them if necessary -Create EU Railway Cybersecurity points of contact in case of cyber incident having significant impact on EU or National Level

The RAIL ISAC participation is open to IMs and RUs! Any Questions?

Contact Javier Moreno – [email protected]