Enhancing Rail Security in the European Union

 
Update on EU rail security
 
Patrick NORROY
European Commission DG MOVE
 
 
 ITF/UIC/UNECE Rail Security Workshop
Leipzig, 23 May 2018
 
Contents
 
Security Climate
EU Rail Risk Assessment Process
Rail Security Workshop
Counter-Terrorism Package
Consultations on Rail Security
Further measures for improving Rail Passenger Security
Cybersecurity
Conclusion
 
Security Climate
 
A number of significant terrorist attacks in Europe since
2015 – UK, France, Sweden, Belgium, Spain
Range of modus operandi – firearms, explosives, vehicle
ramming, use of knives to attack people, becoming
more opportunistic
Incendiary device, Brussels Central Station, June 2017
Focus on derailing trains with an improvised device in
AQAP Inspire Magazine, Summer 2017
 
 
 
EC Security Study on International & High
Speed rail services
 
Performed by Steer Davies Gleave in 2016 at EC request
The Study assesses a range of options to improve rail
security and makes recommendations
Member States and Stakeholders represented in the
LANDSEC expert group have given comments in 2017
 
Toolkit for the protection of MMPT (1)
 
To create an interactive toolkit for Multi Modal Passenger
Terminal (MMPT) security
To empower multiple actors managing security risk at MMPTs to
identify and effectively take action:
protecting against range of potential security threats and
in ensuring coordinated rapid response to an incident
12 months (September 2017 to September 2018)
Two-day events in May 2018 for all participating operators
Future input from Member States and the rail sector are
encouraged.
 
 
Toolkit for Multimodal Passenger Terminals (2)
 
A process which empowers users to:
Think perpetrator, and threat
Think opportunity for terrorism/crime, generated by the
design and operation of the MMPT
Think preventer, and security needs
Think designer, and the wider requirements for the
business, the users and society
Think manager
Think future – resilience and adaptability in the long term
 
EU Rail Risk Assessment (1)
 
A number of Member States and Stakeholders have
called for EU discussions on land transport security to
have a greater focus on risk assessment to determine
priorities – endorsed at EU Transport Council Dec 2015
DGs HOME & MOVE have developed a risk assessment
process for passenger rail security at EU level based on
existing successful security risk assessment process
used for the aviation sector
 
EU Rail Risk Assessment (2)
 
First meeting June 2017 considered the 'threat' to EU
Passenger rail transport including the intent and
capability, the likelihood and consequences
Evaluations were given for 6 different parts of the
railway system e.g. stations, trains, other infrastructure
against 8 types of Modi Operandi e.g. explosives,
firearms, cyber etc. that could be used in an attack
Second meeting October 2017 assessed the
'vulnerabilities' part of the risk assessment (in closed
session with MS and in open session with stakeholders)
 
 
EU Rail Risk Assessment (3)
 
We considered what is the existing capacity for deterring
or detecting an attack and what mitigation measures
are in place?
Residual risks are obtained by multiplying the threat and
vulnerability scores
The residual risks will provide a focused basis for future
discussions in LANDSEC meetings about rail security
The rail security risk assessment will be updated every
year
 
 
 
Rail Security Workshop 4 July 2017 (1)
 
One day public workshop - held as part of consultation
with Member States and Stakeholders on rail security
and the scope for a possible EU initiative
3 Panel discussions covered: Risk Assessment,
Cooperation and the Human element; Best approach to
stimulate technological innovation in rail security and
the future of passenger rail security
Concluded that we need an objective assessment of the
risks - requiring established cooperation between all the
actors
 
Rail Security Workshop 4 July 2017 (2)
 
EU should not just focus exclusively on terrorism, but
should encompass all incidents with similar
consequences, including other forms of crimes
We should be innovative to have stronger security
without being intrusive for passengers i.e. retain open,
accessible and affordable rail services
Human factors need to be assessed as they are crucial
for the use of innovative technologies
We should address security of all rail services
 
 
18 October 2017 – Counterterrorism Package (1)
 
Includes measures to support Member States in addressing
the terrorism threat:
I. Measures to improve the protection and resilience against
terrorism (incl. two Action Plans: on CBRN and on the
protection of public spaces);
II. Actions tackling the means that support terrorism
(including on terrorist financing and explosives precursors);
III. Countering radicalisation
IV. Dedicated EU funding
 
2017 Action Plan to support the Protection of
Public Spaces (2)
 
Evolving terrorist threat, all recent attacks have aimed at
public spaces, so-called "soft targets" (e.g. streets, shopping
malls, public transport, museums, concert halls)
The Action Plan aims at supporting Member States through
 
1) dedicated funding,
 
2) fostering the exchange of best practice
 
3) establishing and facilitating networks,
 
4) providing guidance material.
 
Setting up and facilitating networks (3)
 
Creating fora for the exchange of good practices, lessons
learnt and to develop guidance materials:
Policy Group: Member States policy makers to advise COM
and to work together with Practitioners and Operators
Practitioners' Forum: Bringing together law enforcement
practitioners and networks
Operators' Forum: consisting of different soft target operators,
in order to create effective public-private partnerships
Subgroups for transport, mass events and entertainment,
hospitality, commerce and car rentals.
 
 
Consultations on rail security (1)
 
Open public consultation
to give all interested stakeholders the opportunity to provide
their views on the problem, on possible solutions and their
likely impacts.
It was open from 8 December 2017 until 16 February 2018.
 
Targeted survey
Two survey questionnaires: one for Member State and the
other for rail sector organisations. They aimed at gathering
specialised input (data and factual information, expert views).
The targeted consultation was open in January for a four-
week period.
 
Outcome of the consultations (2)
 
No support for applying the Commission's current regulatory
requirements for aviation security to the rail sector
Very limited support for a regulatory initiative at the EU level
for rail security including the use of a mandatory
requirement for coordination
Co-ordination between Member States even where sufficient
can still be improved
Support increased co-ordination of an informal non-
mandatory nature at EU level in the field of rail security
This should focus on international passengers rail services
 
The problem that the initiative aims to tackle is the
increasing risk of harm to rail passengers and staff from
terrorist attacks.
Given the number of stakeholders, the differences in the
perception of risks, the openness and interconnectivity of
the rail network, the coordination at European level is often
very challenging, and can lead to an insufficient level of
protection across the EU.
 
Possible EU initiative - Problem Definition (1)
 
Understanding the threat to rail passengers & staff
Collect and share information on rail security incidents and
counter-measures
Implement an EU common methodology for assessing risk
Involve passengers and staff with raising security
awareness – "eyes and ears“
Adequate response to the threat
Reinforce cooperation between the police and railway
companies
Make an inventory of best/good practices
Develop risk management plans for rail
 
 
Envisaged actions (2)
 
Consistency of mitigation measures in the Member
States
Staff scrutiny and training
Improve station and train security design
Wider use of security technologies and customised security
processes
Coordination mechanism to address transborder effects
Ensure consistency of controls
Set up a European railway security coordination body with
focal points from the Member States
Organise common security exercises
 
 
Envisaged actions (3)
 
EU Cyber Threat (1)
 
Europol's 2017 Internet Organised Crime Threat
Assessment: 'the global scale, impact and rate of spread
of cyber-attacks over the past year has been
unprecedented'
Europol: "The global impact of huge cyber-security
events such as the "WannaCry" ransomware epidemic
has taken the threat from cyber-crime to another
level…. major businesses are now targeted on a scale
not seen before and, while (there has been some)
success in disrupting major criminal syndicates
operating online, the collective response is still not good
enough. In particular people and companies everywhere
must do more to better protect themselves"
 
EU Cyber Security Strategy (2)
 
State of the European Union speech (Sept 2017)
announced creation of a European Cybersecurity Agency
by giving the existing European Network Information
Security Agency a permanent mandate and proposals to
extend its powers
2017 Cybersecurity package also contains a draft proposal
for Security certification framework – the EU certification
voluntary system with mandatory requirements
NIS directive (adopted July 2016) - Member States have
21 months to implement it into national legislation
Identifies the need for optimal risk management in key
sectors, including transport
 
DG MOVE Actions (3)
 
DG MOVE produced (2016) risk assessment guidelines for
securing against cyber threats and to strengthen security for
SCADA industrial control systems, data flows in container
transport and the outsourcing of IT services. Distributed via
LANDSEC portal.
Continuing key issue remains lack of detailed IT technical
knowledge amongst staff dealing with more traditional
security - our next proposed initiative on cyber is the
development of a cyber security toolbox of advice and
support that can be provided to key staff working to mitigate
cyber threats across all modes of transport.
 
Concluding remarks
 
Commission's commitment to improve passenger rail
security
Publication of a Commission initiative on rail security
expected in June
Importance of the activities of the LANDSEC expert group,
which should nevertheless be complemented by additional
drafting work (best practices guidance materiel).
Importance of the risk assessment methodology and need
to keep it updated
Slide Note
Embed
Share

Explore the latest updates on EU rail security, including discussions on counter-terrorism measures, consultations for improving passenger security, cybersecurity concerns, and a toolkit for protecting Multi-Modal Passenger Terminals (MMPT). The presentation covers recent terrorist attacks in Europe, a security study on international and high-speed rail services, and initiatives to empower stakeholders in managing rail security risks effectively.


Uploaded on Aug 04, 2024 | 4 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Update on EU rail security Patrick NORROY European Commission DG MOVE ITF/UIC/UNECE Rail Security Workshop Leipzig, 23 May 2018 Mobility and Transport

  2. Contents Security Climate EU Rail Risk Assessment Process Rail Security Workshop Counter-Terrorism Package Consultations on Rail Security Further measures for improving Rail Passenger Security Cybersecurity Conclusion Mobility and Transport

  3. Security Climate A number of significant terrorist attacks in Europe since 2015 UK, France, Sweden, Belgium, Spain Range of modus operandi firearms, explosives, vehicle ramming, use of knives to attack people, becoming more opportunistic Incendiary device, Brussels Central Station, June 2017 Focus on derailing trains with an improvised device in AQAP Inspire Magazine, Summer 2017 Mobility and Transport

  4. EC Security Study on International & High Speed rail services Performed by Steer Davies Gleave in 2016 at EC request The Study assesses a range of options to improve rail security and makes recommendations Member States and Stakeholders represented in the LANDSEC expert group have given comments in 2017 Mobility and Transport

  5. Toolkit for the protection of MMPT (1) To create an interactive toolkit for Multi Modal Passenger Terminal (MMPT) security To empower multiple actors managing security risk at MMPTs to identify and effectively take action: protecting against range of potential security threats and in ensuring coordinated rapid response to an incident 12 months (September 2017 to September 2018) Two-day events in May 2018 for all participating operators Future input from Member States and the rail sector are encouraged. Mobility and Transport

  6. Toolkit for Multimodal Passenger Terminals (2) A process which empowers users to: Think perpetrator, and threat Think opportunity for terrorism/crime, generated by the design and operation of the MMPT Think preventer, and security needs Think designer, and the wider requirements for the business, the users and society Think manager Think future resilience and adaptability in the long term Mobility and Transport

  7. EU Rail Risk Assessment (1) A number of Member States and Stakeholders have called for EU discussions on land transport security to have a greater focus on risk assessment to determine priorities endorsed at EU Transport Council Dec 2015 DGs HOME & MOVE have developed a risk assessment process for passenger rail security at EU level based on existing successful security risk assessment process used for the aviation sector Mobility and Transport

  8. EU Rail Risk Assessment (2) First meeting June 2017 considered the 'threat' to EU Passenger rail transport including the intent and capability, the likelihood and consequences Evaluations were given for 6 different parts of the railway system e.g. stations, trains, other infrastructure against 8 types of Modi Operandi e.g. explosives, firearms, cyber etc. that could be used in an attack Second meeting October 2017 assessed the 'vulnerabilities' part of the risk assessment (in closed session with MS and in open session with stakeholders) Mobility and Transport

  9. EU Rail Risk Assessment (3) We considered what is the existing capacity for deterring or detecting an attack and what mitigation measures are in place? Residual risks are obtained by multiplying the threat and vulnerability scores The residual risks will provide a focused basis for future discussions in LANDSEC meetings about rail security The rail security risk assessment will be updated every year Mobility and Transport

  10. Rail Security Workshop 4 July 2017 (1) One day public workshop - held as part of consultation with Member States and Stakeholders on rail security and the scope for a possible EU initiative 3 Panel discussions covered: Risk Assessment, Cooperation and the Human element; Best approach to stimulate technological innovation in rail security and the future of passenger rail security Concluded that we need an objective assessment of the risks - requiring established cooperation between all the actors Mobility and Transport

  11. Rail Security Workshop 4 July 2017 (2) EU should not just focus exclusively on terrorism, but should encompass all incidents with similar consequences, including other forms of crimes We should be innovative to have stronger security without being intrusive for passengers i.e. retain open, accessible and affordable rail services Human factors need to be assessed as they are crucial for the use of innovative technologies We should address security of all rail services Mobility and Transport

  12. 18 October 2017 Counterterrorism Package (1) Includes measures to support Member States in addressing the terrorism threat: I. Measures to improve the protection and resilience against terrorism (incl. two Action Plans: on CBRN and on the protection of public spaces); II. Actions tackling the means that support terrorism (including on terrorist financing and explosives precursors); III. Countering radicalisation IV. Dedicated EU funding Mobility and Transport

  13. 2017 Action Plan to support the Protection of Public Spaces (2) Evolving terrorist threat, all recent attacks have aimed at public spaces, so-called "soft targets" (e.g. streets, shopping malls, public transport, museums, concert halls) The Action Plan aims at supporting Member States through 1) dedicated funding, 2) fostering the exchange of best practice 3) establishing and facilitating networks, 4) providing guidance material. Mobility and Transport

  14. Setting up and facilitating networks (3) Creating fora for the exchange of good practices, lessons learnt and to develop guidance materials: Policy Group: Member States policy makers to advise COM and to work together with Practitioners and Operators Practitioners' Forum: Bringing together law enforcement practitioners and networks Operators' Forum: consisting of different soft target operators, in order to create effective public-private partnerships Subgroups for transport, mass events and entertainment, hospitality, commerce and car rentals. Mobility and Transport

  15. Consultations on rail security (1) Open public consultation to give all interested stakeholders the opportunity to provide their views on the problem, on possible solutions and their likely impacts. It was open from 8 December 2017 until 16 February 2018. Targeted survey Two survey questionnaires: one for Member State and the other for rail sector organisations. They aimed at gathering specialised input (data and factual information, expert views). The targeted consultation was open in January for a four- week period. Mobility and Transport

  16. Outcome of the consultations (2) No support for applying the Commission's current regulatory requirements for aviation security to the rail sector Very limited support for a regulatory initiative at the EU level for rail security including the use of a mandatory requirement for coordination Co-ordination between Member States even where sufficient can still be improved Support increased co-ordination of an informal non- mandatory nature at EU level in the field of rail security This should focus on international passengers rail services Mobility and Transport

  17. Possible EU initiative - Problem Definition (1) The problem that the initiative aims to tackle is the increasing risk of harm to rail passengers and staff from terrorist attacks. Given the number of stakeholders, the differences in the perception of risks, the openness and interconnectivity of the rail network, the coordination at European level is often very challenging, and can lead to an insufficient level of protection across the EU. Mobility and Transport

  18. Envisaged actions (2) Understanding the threat to rail passengers & staff Collect and share information on rail security incidents and counter-measures Implement an EU common methodology for assessing risk Involve passengers and awareness "eyes and ears Adequate response to the threat Reinforce cooperation between the police and railway companies Make an inventory of best/good practices Develop risk management plans for rail staff with raising security Mobility and Transport

  19. Envisaged actions (3) Consistency of mitigation measures in the Member States Staff scrutiny and training Improve station and train security design Wider use of security technologies and customised security processes Coordination mechanism to address transborder effects Ensure consistency of controls Set up a European railway security coordination body with focal points from the Member States Organise common security exercises Mobility and Transport

  20. EU Cyber Threat (1) Europol's 2017 Internet Organised Crime Threat Assessment: 'the global scale, impact and rate of spread of cyber-attacks over the past year has been unprecedented' Europol: "The global impact of huge cyber-security events such as the "WannaCry" ransomware epidemic has taken the threat from cyber-crime to another level . major businesses are now targeted on a scale not seen before and, while (there has been some) success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular people and companies everywhere must do more to better protect themselves" Mobility and Transport

  21. EU Cyber Security Strategy (2) State of the European Union speech (Sept 2017) announced creation of a European Cybersecurity Agency by giving the existing European Network Information Security Agency a permanent mandate and proposals to extend its powers 2017 Cybersecurity package also contains a draft proposal for Security certification framework the EU certification voluntary system with mandatory requirements NIS directive (adopted July 2016) - Member States have 21 months to implement it into national legislation Identifies the need for optimal risk management in key sectors, including transport Mobility and Transport

  22. DG MOVE Actions (3) DG MOVE produced (2016) risk assessment guidelines for securing against cyber threats and to strengthen security for SCADA industrial control systems, data flows in container transport and the outsourcing of IT services. Distributed via LANDSEC portal. Continuing key issue remains lack of detailed IT technical knowledge amongst staff dealing with more traditional security - our next proposed initiative on cyber is the development of a cyber security toolbox of advice and support that can be provided to key staff working to mitigate cyber threats across all modes of transport. Mobility and Transport

  23. Concluding remarks Commission's commitment to improve passenger rail security Publication of a Commission initiative on rail security expected in June Importance of the activities of the LANDSEC expert group, which should nevertheless be complemented by additional drafting work (best practices guidance materiel). Importance of the risk assessment methodology and need to keep it updated Mobility and Transport

Related


More Related Content

giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#