Lucky to be hosted by the SNCF Technicenter Hellemmes in Lille, France, the third ERCI Cybersecurity Workshop took place in the brand-new study halls of the Technicenter on 27th June 2018. The workshop was organised by the ERCI partner and French rail cluster i-Trans that was able to bring French, further European cybersecurity institutions and companies of all sizes to one table. In total, 35 organisations participated.
At the first roundtable, ERA (European Railway Agency) explained that two important pillars are important for them: safety and interoperability. Cybersecurity clearly belongs to the pillar ‘safety’ and it is the aim of the agency to create a common EU cybersecurity framework regulation. ACN, the French Alliance for Digital Trust, also emphasized the harmonisation of the different certifications and the communication between the different actors as a main point in order to do that. ANSSI, the French National Cybersecurity Agency, explained the difficulty of certifying the cybersecurity of trains, since you have to monitor the integrity of the cybersecurity system along the whole value chain.
At the second roundtable, ALSTOM, the French Railway Safety Authority EPSF, the French Railway Industries Association FIF and CERTIFER confirmed that cybersecurity is a key issue for the development of the railway digitization. To overcome the challenges of cybersecurity in the railway market, ALSTOM, SNCF and Bombardier are, among others, part of the working group CENELEC which is working based on the guideline IEC 62443. Also, FIF just started a new cluster for digital technologies.
Furthermore, the SMEs TECNAU from the Italian/Tuscan railway cluster DITECFER und CERSS from the Saxon/German railway cluster BTS Rail Saxony used the opportunity to present their entities and explained that they have a competitive advantage due to their expert knowledge that enables them to be niche suppliers.
After the presentation of SNCF’s view on cybersecurity, the participants of the workshop were taken to the Electronic and the Equipment Engineering Unit of the SNCF Hellemmes Industrial Technicenter. The Equipment Engineering Unit has acquired state-of-the-art equipment – the BATIR test bench -, enabling it to carry out one of its missions: upgrade maintenance of embedded software on TGV high-speed trainsets. (Source: SNCF brochure about the Engineering Research Office)
The bottom line of the event is that:
- Amongst all participants, from the French and European institutions ERA, ACN, ANSSI to the Big Player ALSTOM, Bombardier, SNCF to the SMEs, there is a wish for a common and suitable cybersecurity and regulation framework in the EU for the whole value chain, esp. SME. In order to do that, we need to open and share our data and methodology and collaborate not only horizontally, but also vertically and cross sectorial.
- Since there will be future contracts for the whole value chain to apply to the cybersecurity standard, SME should prepare and connect with the Big Players to know about the standards that are yet to come.
- Besides arising costs, cybersecurity can also be a business opportunity for SMEs. Either they connect with the Big Players and create jointly new cybersecurity solutions, or SMEs are a niche supplier in that field as TECNAU and CERSS.
Thanks again to i-Trans for organising and SNCF for hosting us in this great brand-new centre! See you at the following cybersecurity workshop in Florence on 8th November 2018 in Florence, Italy!