Enhancing Rail Security in the European Union
Explore the latest updates on EU rail security, including discussions on counter-terrorism measures, consultations for improving passenger security, cybersecurity concerns, and a toolkit for protecting Multi-Modal Passenger Terminals (MMPT). The presentation covers recent terrorist attacks in Europe, a security study on international and high-speed rail services, and initiatives to empower stakeholders in managing rail security risks effectively.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Update on EU rail security Patrick NORROY European Commission DG MOVE ITF/UIC/UNECE Rail Security Workshop Leipzig, 23 May 2018 Mobility and Transport
Contents Security Climate EU Rail Risk Assessment Process Rail Security Workshop Counter-Terrorism Package Consultations on Rail Security Further measures for improving Rail Passenger Security Cybersecurity Conclusion Mobility and Transport
Security Climate A number of significant terrorist attacks in Europe since 2015 UK, France, Sweden, Belgium, Spain Range of modus operandi firearms, explosives, vehicle ramming, use of knives to attack people, becoming more opportunistic Incendiary device, Brussels Central Station, June 2017 Focus on derailing trains with an improvised device in AQAP Inspire Magazine, Summer 2017 Mobility and Transport
EC Security Study on International & High Speed rail services Performed by Steer Davies Gleave in 2016 at EC request The Study assesses a range of options to improve rail security and makes recommendations Member States and Stakeholders represented in the LANDSEC expert group have given comments in 2017 Mobility and Transport
Toolkit for the protection of MMPT (1) To create an interactive toolkit for Multi Modal Passenger Terminal (MMPT) security To empower multiple actors managing security risk at MMPTs to identify and effectively take action: protecting against range of potential security threats and in ensuring coordinated rapid response to an incident 12 months (September 2017 to September 2018) Two-day events in May 2018 for all participating operators Future input from Member States and the rail sector are encouraged. Mobility and Transport
Toolkit for Multimodal Passenger Terminals (2) A process which empowers users to: Think perpetrator, and threat Think opportunity for terrorism/crime, generated by the design and operation of the MMPT Think preventer, and security needs Think designer, and the wider requirements for the business, the users and society Think manager Think future resilience and adaptability in the long term Mobility and Transport
EU Rail Risk Assessment (1) A number of Member States and Stakeholders have called for EU discussions on land transport security to have a greater focus on risk assessment to determine priorities endorsed at EU Transport Council Dec 2015 DGs HOME & MOVE have developed a risk assessment process for passenger rail security at EU level based on existing successful security risk assessment process used for the aviation sector Mobility and Transport
EU Rail Risk Assessment (2) First meeting June 2017 considered the 'threat' to EU Passenger rail transport including the intent and capability, the likelihood and consequences Evaluations were given for 6 different parts of the railway system e.g. stations, trains, other infrastructure against 8 types of Modi Operandi e.g. explosives, firearms, cyber etc. that could be used in an attack Second meeting October 2017 assessed the 'vulnerabilities' part of the risk assessment (in closed session with MS and in open session with stakeholders) Mobility and Transport
EU Rail Risk Assessment (3) We considered what is the existing capacity for deterring or detecting an attack and what mitigation measures are in place? Residual risks are obtained by multiplying the threat and vulnerability scores The residual risks will provide a focused basis for future discussions in LANDSEC meetings about rail security The rail security risk assessment will be updated every year Mobility and Transport
Rail Security Workshop 4 July 2017 (1) One day public workshop - held as part of consultation with Member States and Stakeholders on rail security and the scope for a possible EU initiative 3 Panel discussions covered: Risk Assessment, Cooperation and the Human element; Best approach to stimulate technological innovation in rail security and the future of passenger rail security Concluded that we need an objective assessment of the risks - requiring established cooperation between all the actors Mobility and Transport
Rail Security Workshop 4 July 2017 (2) EU should not just focus exclusively on terrorism, but should encompass all incidents with similar consequences, including other forms of crimes We should be innovative to have stronger security without being intrusive for passengers i.e. retain open, accessible and affordable rail services Human factors need to be assessed as they are crucial for the use of innovative technologies We should address security of all rail services Mobility and Transport
18 October 2017 Counterterrorism Package (1) Includes measures to support Member States in addressing the terrorism threat: I. Measures to improve the protection and resilience against terrorism (incl. two Action Plans: on CBRN and on the protection of public spaces); II. Actions tackling the means that support terrorism (including on terrorist financing and explosives precursors); III. Countering radicalisation IV. Dedicated EU funding Mobility and Transport
2017 Action Plan to support the Protection of Public Spaces (2) Evolving terrorist threat, all recent attacks have aimed at public spaces, so-called "soft targets" (e.g. streets, shopping malls, public transport, museums, concert halls) The Action Plan aims at supporting Member States through 1) dedicated funding, 2) fostering the exchange of best practice 3) establishing and facilitating networks, 4) providing guidance material. Mobility and Transport
Setting up and facilitating networks (3) Creating fora for the exchange of good practices, lessons learnt and to develop guidance materials: Policy Group: Member States policy makers to advise COM and to work together with Practitioners and Operators Practitioners' Forum: Bringing together law enforcement practitioners and networks Operators' Forum: consisting of different soft target operators, in order to create effective public-private partnerships Subgroups for transport, mass events and entertainment, hospitality, commerce and car rentals. Mobility and Transport
Consultations on rail security (1) Open public consultation to give all interested stakeholders the opportunity to provide their views on the problem, on possible solutions and their likely impacts. It was open from 8 December 2017 until 16 February 2018. Targeted survey Two survey questionnaires: one for Member State and the other for rail sector organisations. They aimed at gathering specialised input (data and factual information, expert views). The targeted consultation was open in January for a four- week period. Mobility and Transport
Outcome of the consultations (2) No support for applying the Commission's current regulatory requirements for aviation security to the rail sector Very limited support for a regulatory initiative at the EU level for rail security including the use of a mandatory requirement for coordination Co-ordination between Member States even where sufficient can still be improved Support increased co-ordination of an informal non- mandatory nature at EU level in the field of rail security This should focus on international passengers rail services Mobility and Transport
Possible EU initiative - Problem Definition (1) The problem that the initiative aims to tackle is the increasing risk of harm to rail passengers and staff from terrorist attacks. Given the number of stakeholders, the differences in the perception of risks, the openness and interconnectivity of the rail network, the coordination at European level is often very challenging, and can lead to an insufficient level of protection across the EU. Mobility and Transport
Envisaged actions (2) Understanding the threat to rail passengers & staff Collect and share information on rail security incidents and counter-measures Implement an EU common methodology for assessing risk Involve passengers and awareness "eyes and ears Adequate response to the threat Reinforce cooperation between the police and railway companies Make an inventory of best/good practices Develop risk management plans for rail staff with raising security Mobility and Transport
Envisaged actions (3) Consistency of mitigation measures in the Member States Staff scrutiny and training Improve station and train security design Wider use of security technologies and customised security processes Coordination mechanism to address transborder effects Ensure consistency of controls Set up a European railway security coordination body with focal points from the Member States Organise common security exercises Mobility and Transport
EU Cyber Threat (1) Europol's 2017 Internet Organised Crime Threat Assessment: 'the global scale, impact and rate of spread of cyber-attacks over the past year has been unprecedented' Europol: "The global impact of huge cyber-security events such as the "WannaCry" ransomware epidemic has taken the threat from cyber-crime to another level . major businesses are now targeted on a scale not seen before and, while (there has been some) success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular people and companies everywhere must do more to better protect themselves" Mobility and Transport
EU Cyber Security Strategy (2) State of the European Union speech (Sept 2017) announced creation of a European Cybersecurity Agency by giving the existing European Network Information Security Agency a permanent mandate and proposals to extend its powers 2017 Cybersecurity package also contains a draft proposal for Security certification framework the EU certification voluntary system with mandatory requirements NIS directive (adopted July 2016) - Member States have 21 months to implement it into national legislation Identifies the need for optimal risk management in key sectors, including transport Mobility and Transport
DG MOVE Actions (3) DG MOVE produced (2016) risk assessment guidelines for securing against cyber threats and to strengthen security for SCADA industrial control systems, data flows in container transport and the outsourcing of IT services. Distributed via LANDSEC portal. Continuing key issue remains lack of detailed IT technical knowledge amongst staff dealing with more traditional security - our next proposed initiative on cyber is the development of a cyber security toolbox of advice and support that can be provided to key staff working to mitigate cyber threats across all modes of transport. Mobility and Transport
Concluding remarks Commission's commitment to improve passenger rail security Publication of a Commission initiative on rail security expected in June Importance of the activities of the LANDSEC expert group, which should nevertheless be complemented by additional drafting work (best practices guidance materiel). Importance of the risk assessment methodology and need to keep it updated Mobility and Transport