2024: the year of NIS2, CRA and "building bridges in CyberSecurity for Europe”

It looks like unspectacular and inconspicuous, but there are a lot of initiatives in the background to made Europe infrastructure more secure for a digital future.

We start building bridges between IEC, CENELEC and ERJU Working groups, preventing overlapping areas and forcing interfaces between these initiatives. We also getting closer between operator and industry to speed up security in (new) products and services.

?

2025: I’m looking forward to continuing and finishing initiatives from 2024, because Europa’s most clever manager and stakeholders prefer not to stop Europe’s economy. They release resources for these initiatives resulting In positive image and stable working business without negative headlines!

?

Recap 2024: Only a short list of national and international activities and ongoing work in the background!

“IEC 63452 CyberSecurity for Railways”. As first international sector standard we are addressing new technologies like cloud and IoT in a safety environment. And I’m happy about the fact that we could raise up a good relationship and get friends in US, Canada and Japan!

In two (of many) areas of Europe Railway Joint Undertakings (ERJU) and the ERTMS Users group (EUG) , we also work for a secure Europe. While in “Command and Control”, we improve TSI Standards to made safety and signalling it ready for future digital usage, in the Digital Automated Coupling (DAC) working groups looking forward to being made railway more efficient and competitive – including CyberSecurity.

The Sector Initiative Group starts to create common solutions between Railway Operator and Industry. This enables the sector Railway to act within one-voice to official bodies and this are the base to fulfill requirements in a common, economic and efficient way.

I want to thank the officials, which support us in our work all the time. Offer a platform to act and open the door to an excellent working private public partnership model!

Thx to Mrs. Marianthi Theocharidou (Cybersecurity Expert at European Union Agency for Cybersecurity (ENISA), Mr. Fidel Santiago (Policy Officer at the European Commission), Mr. Josef Doppelbauer (Executive Director at European Union Agency for Railways), Mr. Thomas Chatelet (ERTMS Project Officer at European Railway Agency), Mr. ?Enno Wiebe (Chair of UNIFE), Mr. Nicolas Furio (Head of Techn. Affairs in UNIFE), Mr. Jean-Philippe Gachot (Senior Advisor in CER), ?Mr. Michel Ruesen (Managing Director of EUG) and many more!

?

On the other side, there are a lot of initiatives like the CSSP2 Plattform in UIC or activities like ?“CYRUS” (Special Thx to Mrs: Marie-Hélène Bonneau (Head of security division chez UIC) forcing awareness programms. Sector internal ISAC exchange and also the European ISAC Exchange (Special thx to Mr. Jean-Francois Simons (for coordinating and pushing the EU-CI). Not to forget the ENISA-ERA Cybersecurity conference to align CyberSecurity measurements and activities cross legal entity, nations and initiatives!

?

Also on national level, there was a lot of work and initiatives to bring European requirements to the companies. E.g. the CyberSecurity Plattform (CSA) leaded by Stephanie Jakoubi and Wolfgang Schwabl to host the exchange platform between Austrian government and companies. The Kuratorium Sicheres ?sterreich (KS?) or CERT.at leaded by Wolfgang Rosenkranz and especailly to all colleges from the government.

National initiatives to motivate the young generation to be best in class of CyberSec experts, like the CyberSecurity Challenge, pushed and hosted by the Cybersecurity Austria (CSA). Special thx. To Mr. Joe Pichlmayr to push and burn for CyberSecurity more than 15 years.

I also want the thank all the colleges, convenors, sub-group leaders which support and work in these working groups. Often in their free and private time additional to the daily business, which are often not appreciated!

And nevertheless: I want to thank all colleges they work hard and long to raise up security knowledge in my company ?BB and all other colleges in the Interantional InfoSec community.

?

PS: Railway is no production company! All solutions we must build in in over 20 different operating brownfields during operation not noticeable to our customers. They must fulfill over 20 different national specialities and must be able to handle during operation. Also, it must be a technical and economic balanced way. This negotiation takes time but are essential for a working infrastructure!

#era #EU #standardization #cybersecurity #security #railways #enisa #InnoTrans