Developing security guidelines and proposals for ERTMS

Cyber Attacks on critical infrastructures are increasing year by year. Digitisation supports smooth process and higher efficiency but on the other provide wider attack surface. Due to the evolving threats and increasing attack vectors regarding industrial systems, security gains more importance in the European standardisation and for the operators. This is also addressed by regulatory bodies like the European Union and has resulted in numerous national and international laws for security in critical infrastructures. 

The ERTMS Security Core Group (ESCG) has been established to analyse threats and risks on common level with the members of the ERTMS Users Group (EUG). By using the experience of security experts of the EUG members, the ESCG aims to establish common security standards for the ERTMS domain to improve future standards and allow migration of existing installations. The analysis will lead to proposals to improve the TSI subsets and provide commonly agreed guidelines for already implemented systems and those to come in near future. 

The objectives of the ESCG in short: 

  • Support the EUG members regarding security in ERTMS  
  • Provide best practice guideline for existing ERTMS implementations to achieve a common level on security in Europe 
  • Develop requirements and specifications for security in ERTMS for future TSI subset releases
  • Establish exchange between ERTMS security experts of the EUG members 
  • Establish exchange with all actors involved in ERTMS and the security of other European railway projects (EULYNX, RCA, OCORA) 
  • Establish exchange on (the impact on) the TSI CCS text with CER  
  • Propose a harmonised security engineering process on a European level in collaboration with the security experts of EULYNX, RCA and OCORA 
  • Provide input to the ERJU (Europe’s Rail Joint Undertaking) System Pillar