February 02, 2016 – How we helped ENISA address the security issues of Smart Public Transport

Sergey Gordeychik, Securing Smart Cities contributor, Deputy CTO, Services at Kaspersky Lab


A well-developed and smart public transport system is a must-have for any modern and comfortable city; it is one of the corner stones of the smart city concept. A smart public transportation system relies heavily on network communications and IT, potentially rendering the system and the city vulnerable to cyber intrusions. It is therefore vital that cybersecurity is an important part of all smart transport projects, from the very beginning.
In October last year The European Union Agency for Network and Information Security invited Securing Smart Cities to participate in a workshop on “Cyber Security for Public Transport in Smart Cities”. After that I travelled to Brussels where, together with other security and transportation experts, I examined and discussed the security issues relevant to smart public transportation systems. Now, as a result of that discussion, ENISA has published two interesting studies dedicated to the topic.
The first study, entitled: “Cyber Security and Resilience of Intelligent Public Transport. Good Practices and Recommendations,” focuses on the protection of assets critical to Intelligent Public Transport (IPT) in the context of smart cities. The assets in the study contribute to the normal operation of local public transport networks including metro, buses, light rail and other modes of mass public transport found in smart cities and can be considered as “internal” assets to IPT operators in smart cities. The study identifies these critical assets from a business and societal point of view and highlights good security practices against cyberthreats in order to enhance the resilience of IPT.
The second study: “Architecture Model of the Transport Sector in Smart Cities,” models the architecture of the transport sector in smart cities and reports on good cybersecurity practices, providing practical, hands-on guidance for IPT operators.
This study demonstrates that everything in a modern city is interconnected. However, it is impossible to protect public transport from cyberthreats effectively if you don’t account how it interacts with city energy, telecommunication and public safety systems. A single weakness in any of these systems could become a stepping stone for an attacker looking to exploit other systems. The attacker could then create an avalanche of events; negatively impacting every part of city life and bringing remarkable economic and social damage.
It was a great honor for us to share our cybersecurity expertise in public transport and railways with ENISA and the working group. We believe that cooperation between regulators, hardware and software vendors, transport operators and security organizations is the only way to create a truly reliable and protected environment for modern city transport systems.


You can download both studies here:
Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations

Architecture model of the transport sector in Smart Cities.