Cyber security consists of all measures one can take to prevent damage done by a deliberate error, failure or abuse of an information system or computer. The Ministry of Infrastructure and Water Management has given orders to develop ERTMS in such a way that the system is protected against misuse.
Cyber security in the railway sector
The railway sector has been appointed by the government as an essential infrastructure. All parties in the railway sector are already taking cyber security into account with their own risk appetite. For a system like ERTMS that influences the entire sector, a joint approach towards cyber security is important.
In close cooperation with implementation organisations and their stakeholders, the ERTMS Programme Management is investigating applicable international cyber security standards for ERTMS. We have included cyber security requirements in the migration steps.
Risk register
In order to make an inventory of all risks in terms of cyber security and to manage them, the ERTMS Programme Management has a risk register. To this end, the ERTMS Programme Management works together with all (implementing) organisations in the railway sector.
Key management
One of the components of cyber security is key management. The information shared with the ERTMS trains is encrypted. Based on a unique key, the system can recognise a train and ensure the system functions safely.
More about key management
Joint security
With the arrival of ERTMS, the railway sector will work differently. This applies to cyber security as well. Railway companies must define, implement and monitor cyber security measures together to be successful.
The ERTMS Programme Management stimulates parties in the railway industry to make an inventory of cyber risks and to mitigate them together. Not only from their own position, but also taking the interests and requirements of the industry itself into account.