Update on EU rail security

Patrick NORROY
European Commission DG MOVE

ITF/UIC/UNECE Rail Security Workshop

Leipzig, 23 May 2018

Mobility and
Transport
 Contents
• Security Climate

• EU Rail Risk Assessment Process

• Rail Security Workshop

• Counter-Terrorism Package

• Consultations on Rail Security

• Further measures for improving Rail Passenger Security

• Cybersecurity

• Conclusion

Mobility and
Transport
 Security Climate

• A number of significant terrorist attacks in Europe since

2015 – UK, France, Sweden, Belgium, Spain
• Range of modus operandi – firearms, explosives, vehicle
ramming, use of knives to attack people, becoming
more opportunistic
• Incendiary device, Brussels Central Station, June 2017

• Focus on derailing trains with an improvised device in

AQAP Inspire Magazine, Summer 2017

Mobility and
Transport
EC Security Study on International & High Speed
rail services

• Performed by Steer Davies Gleave in 2016 at EC

request
• The Study assesses a range of options to improve rail
security and makes recommendations
• Member States and Stakeholders represented in the
LANDSEC expert group have given comments in 2017

Mobility and
Transport
 Toolkit for the protection of MMPT (1)
To create an interactive toolkit for Multi Modal Passenger
Terminal (MMPT) security
To empower multiple actors managing security risk at MMPTs to
identify and effectively take action:
• protecting against range of potential security threats and
• in ensuring coordinated rapid response to an incident

12 months (September 2017 to September 2018)

Two-day events in May 2018 for all participating operators
Future input from Member States and the rail sector are
encouraged.

Mobility and
Transport
Toolkit for Multimodal Passenger Terminals (2)
A process which empowers users to:
• Think perpetrator, and threat
• Think opportunity for terrorism/crime, generated by the
design and operation of the MMPT
• Think preventer, and security needs
• Think designer, and the wider requirements for the
business, the users and society
• Think manager
• Think future – resilience and adaptability in the long term

Mobility and
Transport
 EU Rail Risk Assessment (1)

• A number of Member States and Stakeholders have

called for EU discussions on land transport security to
have a greater focus on risk assessment to determine
priorities – endorsed at EU Transport Council Dec 2015
• DGs HOME & MOVE have developed a risk assessment
process for passenger rail security at EU level based on
existing successful security risk assessment process
used for the aviation sector

Mobility and
Transport
 EU Rail Risk Assessment (2)
• First meeting June 2017 considered the 'threat' to EU
Passenger rail transport including the intent and
capability, the likelihood and consequences
• Evaluations were given for 6 different parts of the
railway system e.g. stations, trains, other infrastructure
against 8 types of Modi Operandi e.g. explosives,
firearms, cyber etc. that could be used in an attack
• Second meeting October 2017 assessed the
'vulnerabilities' part of the risk assessment (in closed
session with MS and in open session with stakeholders)

Mobility and
Transport
 EU Rail Risk Assessment (3)

• We considered what is the existing capacity for

deterring or detecting an attack and what mitigation
measures are in place?
• Residual risks are obtained by multiplying the threat
and vulnerability scores
• The residual risks will provide a focused basis for future
discussions in LANDSEC meetings about rail security
• The rail security risk assessment will be updated every
year

Mobility and
Transport
 Rail Security Workshop 4 July 2017 (1)

• One day public workshop - held as part of consultation

with Member States and Stakeholders on rail security
and the scope for a possible EU initiative
• 3 Panel discussions covered: Risk Assessment,
Cooperation and the Human element; Best approach to
stimulate technological innovation in rail security and
the future of passenger rail security
• Concluded that we need an objective assessment of the
risks - requiring established cooperation between all the
actors

Mobility and
Transport
 Rail Security Workshop 4 July 2017 (2)

• EU should not just focus exclusively on terrorism, but

should encompass all incidents with similar
consequences, including other forms of crimes
• We should be innovative to have stronger security
without being intrusive for passengers i.e. retain open,
accessible and affordable rail services
• Human factors need to be assessed as they are crucial
for the use of innovative technologies
• We should address security of all rail services

Mobility and
Transport
18 October 2017 – Counterterrorism Package (1)
Includes measures to support Member States in addressing
the terrorism threat:

I. Measures to improve the protection and resilience against

terrorism (incl. two Action Plans: on CBRN and on the
protection of public spaces);

II. Actions tackling the means that support terrorism

(including on terrorist financing and explosives precursors);

III. Countering radicalisation

IV. Dedicated EU funding

Mobility and
Transport
2017 Action Plan to support the Protection of
Public Spaces (2)
• Evolving terrorist threat, all recent attacks have aimed at
public spaces, so-called "soft targets" (e.g. streets,
shopping malls, public transport, museums, concert halls)

• The Action Plan aims at supporting Member States through

1) dedicated funding,
2) fostering the exchange of best practice
3) establishing and facilitating networks,
4) providing guidance material.

Mobility and
Transport
 Setting up and facilitating networks (3)
Creating fora for the exchange of good practices, lessons
learnt and to develop guidance materials:

Policy Group: Member States policy makers to advise COM

and to work together with Practitioners and Operators

Practitioners' Forum: Bringing together law enforcement

practitioners and networks

Operators' Forum: consisting of different soft target

operators, in order to create effective public-private
partnerships

Subgroups for transport, mass events and entertainment,

hospitality, commerce and car rentals.
Mobility and
Transport
 Consultations on rail security (1)
Open public consultation
• to give all interested stakeholders the opportunity to provide
their views on the problem, on possible solutions and their
likely impacts.
• It was open from 8 December 2017 until 16 February 2018.
Targeted survey
• Two survey questionnaires: one for Member State and the
other for rail sector organisations. They aimed at gathering
specialised input (data and factual information, expert views).
• The targeted consultation was open in January for a four-
week period.

Mobility and
Transport
 Outcome of the consultations (2)
• No support for applying the Commission's current regulatory
requirements for aviation security to the rail sector
• Very limited support for a regulatory initiative at the EU
level for rail security including the use of a mandatory
requirement for coordination
• Co-ordination between Member States even where sufficient
can still be improved
• Support increased co-ordination of an informal non-
mandatory nature at EU level in the field of rail security
• This should focus on international passengers rail services

Mobility and
Transport
Possible EU initiative - Problem Definition (1)
• The problem that the initiative aims to tackle is the
increasing risk of harm to rail passengers and staff from
terrorist attacks.
• Given the number of stakeholders, the differences in the
perception of risks, the openness and interconnectivity of
the rail network, the coordination at European level is
often very challenging, and can lead to an insufficient level
of protection across the EU.

Mobility and
Transport
 Envisaged actions (2)
Understanding the threat to rail passengers & staff
 Collect and share information on rail security incidents and
counter-measures
 Implement an EU common methodology for assessing risk
 Involve passengers and staff with raising security
awareness – "eyes and ears“
Adequate response to the threat
 Reinforce cooperation between the police and railway
companies
 Make an inventory of best/good practices
 Develop risk management plans for rail

Mobility and
Transport
 Envisaged actions (3)
Consistency of mitigation measures in the Member
States
 Staff scrutiny and training
 Improve station and train security design
 Wider use of security technologies and customised security
processes
Coordination mechanism to address transborder effects
 Ensure consistency of controls
 Set up a European railway security coordination body with
focal points from the Member States
 Organise common security exercises

Mobility and
Transport
 EU Cyber Threat (1)
• Europol's 2017 Internet Organised Crime Threat
Assessment: 'the global scale, impact and rate of
spread of cyber-attacks over the past year has been
unprecedented'
• Europol: "The global impact of huge cyber-security
events such as the "WannaCry" ransomware epidemic
has taken the threat from cyber-crime to another
level…. major businesses are now targeted on a scale
not seen before and, while (there has been some)
success in disrupting major criminal syndicates
operating online, the collective response is still not good
enough. In particular people and companies everywhere
must do more to better protect themselves"
Mobility and
Transport
 EU Cyber Security Strategy (2)
• State of the European Union speech (Sept 2017)
announced creation of a European Cybersecurity Agency
by giving the existing European Network Information
Security Agency a permanent mandate and proposals to
extend its powers
• 2017 Cybersecurity package also contains a draft proposal
for Security certification framework – the EU certification
voluntary system with mandatory requirements
• NIS directive (adopted July 2016) - Member States have
21 months to implement it into national legislation
• Identifies the need for optimal risk management in key
sectors, including transport
Mobility and
Transport
 DG MOVE Actions (3)
• DG MOVE produced (2016) risk assessment guidelines for
securing against cyber threats and to strengthen security for
SCADA industrial control systems, data flows in container
transport and the outsourcing of IT services. Distributed via
LANDSEC portal.
• Continuing key issue remains lack of detailed IT technical
knowledge amongst staff dealing with more traditional
security - our next proposed initiative on cyber is the
development of a cyber security toolbox of advice and
support that can be provided to key staff working to mitigate
cyber threats across all modes of transport.

Mobility and
Transport
 Concluding remarks
• Commission's commitment to improve passenger rail
security
• Publication of a Commission initiative on rail security
expected in June
• Importance of the activities of the LANDSEC expert group,
which should nevertheless be complemented by additional
drafting work (best practices guidance materiel).
• Importance of the risk assessment methodology and need
to keep it updated

Mobility and
Transport