Professional Documents
Culture Documents
1 - Norroy
1 - Norroy
Patrick NORROY
European Commission DG MOVE
Mobility and
Transport
Contents
• Security Climate
• Counter-Terrorism Package
• Cybersecurity
• Conclusion
Mobility and
Transport
Security Climate
Mobility and
Transport
EC Security Study on International & High Speed
rail services
Mobility and
Transport
Toolkit for the protection of MMPT (1)
To create an interactive toolkit for Multi Modal Passenger
Terminal (MMPT) security
To empower multiple actors managing security risk at MMPTs to
identify and effectively take action:
• protecting against range of potential security threats and
• in ensuring coordinated rapid response to an incident
Mobility and
Transport
Toolkit for Multimodal Passenger Terminals (2)
A process which empowers users to:
• Think perpetrator, and threat
• Think opportunity for terrorism/crime, generated by the
design and operation of the MMPT
• Think preventer, and security needs
• Think designer, and the wider requirements for the
business, the users and society
• Think manager
• Think future – resilience and adaptability in the long term
Mobility and
Transport
EU Rail Risk Assessment (1)
Mobility and
Transport
EU Rail Risk Assessment (2)
• First meeting June 2017 considered the 'threat' to EU
Passenger rail transport including the intent and
capability, the likelihood and consequences
• Evaluations were given for 6 different parts of the
railway system e.g. stations, trains, other infrastructure
against 8 types of Modi Operandi e.g. explosives,
firearms, cyber etc. that could be used in an attack
• Second meeting October 2017 assessed the
'vulnerabilities' part of the risk assessment (in closed
session with MS and in open session with stakeholders)
Mobility and
Transport
EU Rail Risk Assessment (3)
Mobility and
Transport
Rail Security Workshop 4 July 2017 (1)
Mobility and
Transport
Rail Security Workshop 4 July 2017 (2)
Mobility and
Transport
18 October 2017 – Counterterrorism Package (1)
Includes measures to support Member States in addressing
the terrorism threat:
Mobility and
Transport
2017 Action Plan to support the Protection of
Public Spaces (2)
• Evolving terrorist threat, all recent attacks have aimed at
public spaces, so-called "soft targets" (e.g. streets,
shopping malls, public transport, museums, concert halls)
Mobility and
Transport
Setting up and facilitating networks (3)
Creating fora for the exchange of good practices, lessons
learnt and to develop guidance materials:
Mobility and
Transport
Outcome of the consultations (2)
• No support for applying the Commission's current regulatory
requirements for aviation security to the rail sector
• Very limited support for a regulatory initiative at the EU
level for rail security including the use of a mandatory
requirement for coordination
• Co-ordination between Member States even where sufficient
can still be improved
• Support increased co-ordination of an informal non-
mandatory nature at EU level in the field of rail security
• This should focus on international passengers rail services
Mobility and
Transport
Possible EU initiative - Problem Definition (1)
• The problem that the initiative aims to tackle is the
increasing risk of harm to rail passengers and staff from
terrorist attacks.
• Given the number of stakeholders, the differences in the
perception of risks, the openness and interconnectivity of
the rail network, the coordination at European level is
often very challenging, and can lead to an insufficient level
of protection across the EU.
Mobility and
Transport
Envisaged actions (2)
Understanding the threat to rail passengers & staff
Collect and share information on rail security incidents and
counter-measures
Implement an EU common methodology for assessing risk
Involve passengers and staff with raising security
awareness – "eyes and ears“
Adequate response to the threat
Reinforce cooperation between the police and railway
companies
Make an inventory of best/good practices
Develop risk management plans for rail
Mobility and
Transport
Envisaged actions (3)
Consistency of mitigation measures in the Member
States
Staff scrutiny and training
Improve station and train security design
Wider use of security technologies and customised security
processes
Coordination mechanism to address transborder effects
Ensure consistency of controls
Set up a European railway security coordination body with
focal points from the Member States
Organise common security exercises
Mobility and
Transport
EU Cyber Threat (1)
• Europol's 2017 Internet Organised Crime Threat
Assessment: 'the global scale, impact and rate of
spread of cyber-attacks over the past year has been
unprecedented'
• Europol: "The global impact of huge cyber-security
events such as the "WannaCry" ransomware epidemic
has taken the threat from cyber-crime to another
level…. major businesses are now targeted on a scale
not seen before and, while (there has been some)
success in disrupting major criminal syndicates
operating online, the collective response is still not good
enough. In particular people and companies everywhere
must do more to better protect themselves"
Mobility and
Transport
EU Cyber Security Strategy (2)
• State of the European Union speech (Sept 2017)
announced creation of a European Cybersecurity Agency
by giving the existing European Network Information
Security Agency a permanent mandate and proposals to
extend its powers
• 2017 Cybersecurity package also contains a draft proposal
for Security certification framework – the EU certification
voluntary system with mandatory requirements
• NIS directive (adopted July 2016) - Member States have
21 months to implement it into national legislation
• Identifies the need for optimal risk management in key
sectors, including transport
Mobility and
Transport
DG MOVE Actions (3)
• DG MOVE produced (2016) risk assessment guidelines for
securing against cyber threats and to strengthen security for
SCADA industrial control systems, data flows in container
transport and the outsourcing of IT services. Distributed via
LANDSEC portal.
• Continuing key issue remains lack of detailed IT technical
knowledge amongst staff dealing with more traditional
security - our next proposed initiative on cyber is the
development of a cyber security toolbox of advice and
support that can be provided to key staff working to mitigate
cyber threats across all modes of transport.
Mobility and
Transport
Concluding remarks
• Commission's commitment to improve passenger rail
security
• Publication of a Commission initiative on rail security
expected in June
• Importance of the activities of the LANDSEC expert group,
which should nevertheless be complemented by additional
drafting work (best practices guidance materiel).
• Importance of the risk assessment methodology and need
to keep it updated
Mobility and
Transport