Foreign rail technologies cybersecurity: UNIFE urges EU action

UNIFE says foreign rail technologies cybersecurity should be treated as an urgent priority.

This is reported by the railway transport news portal Railway Supply.

The group is urging the European Commission and the EU Agency for Cybersecurity (ENISA) to use newly expanded powers to scrutinise—and, where appropriate, restrict—technologies used in rail systems, as reported by Railway Pro.

It is pressing the European Commission, ENISA and other relevant authorities to move proactively to prevent high-risk non-EU suppliers rail networks from interfering with European rail networks. UNIFE ties the issue to the critical role of transport for European military mobility and supply chains.

Don’t miss…Vande Bharat Express network grows as services expand nationwide

EU Cybersecurity Act Title IV rail sector powers

Pointing to the revised Cybersecurity Act, UNIFE argues that revised Cybersecurity Act Title IV empowers the European Commission to designate high-risk third countries and ICT suppliers. Those provisions also allow the Commission to bar them from supply chains in critical sectors, including the rail sector, with related material referenced in its Press Corner communication.

UNIFE adds that embedded technologies within rail systems fall under the definition of transport and transmission networks covered by these reforms, as EU Member States continue to invest in, or consider investing in, non-EU technologies on rail networks.

ENISA rail cybersecurity market surveillance

In parallel, UNIFE says ENISA market surveillance exercises can be carried out with national authorities to ensure products do not pose threats to European infrastructure. It also notes that ENISA can help identify new categories of digital products for potential scrutiny. A related overview that references ENISA is available via Railway Supply: EU cybersecurity agency reports threat to rail.

Public Procurement Directives rail sector strategic

UNIFE describes the reform as ambitious and long overdue, saying it shows the European Commission is taking cyber protection in Europe seriously, particularly regarding high-risk third-country actors. It argues that the same risk underpins its call for future reforms to the Public Procurement Directives to treat the rail sector as strategic, while ensuring that European and Member State funds are invested in projects that benefit European economies and industry.

Commenting on the risks posed by foreign rail technologies, UNIFE Director General Enno Wiebe said that, with new powers and resources, the European Commission and ENISA should as a priority assess and make specific rulings on unsuitable non-EU technology used on EU rail infrastructure.

He added that this may include EU-level alerts and restrictions on high-risk non-EU suppliers producing technology for rail systems, especially given this is critical infrastructure. Alongside changes to the Public Procurement Directives, he said, this would help ensure Europe does not lose control of its rail networks.

News on railway transport, industry, and railway technologies from Railway Supply that you might have missed: