Use EU Cyber Powers to investigate and ban foreign rail tech

Use EU Cyber Powers to investigate and ban foreign rail tech

The European Commission and the European Union Agency for Cybersecurity (ENISA) should use new powers to investigate and ban risky non-EU technology used on critical rail infrastructure, as part of yesterdays' brand new reforms.

UNIFE wants the European Commission, ENISA and relevant authorities to proactively work to prevent interference by high-risk non-EU suppliers on EU rail networks, considering how critical transport is to both European military mobility and supply chains.

As part of the updated Cybersecurity Act, Title IV empowers the European Commission to designate high-risk third party countries and ICT vendors, and ban them from the supply chains of critical sectors - including rail.

Embedded technologies within rail systems apply to the definition of transport and transmission networks as outlined in the sweeping reforms, as EU Member States continue to either invest or consider investing in non-EU technologies on rail networks.

ENISA can now work with national authorities in market surveillance exercises to ensure products do not present threats to European infrastructure, while also being able to identify new categories of digital products for which sweeps may be organised.

This ambitious reform is well-overdue and well made, portraying the Commission as taking concerns about European cyber protection seriously, especially high-risk third country actors.

This risk is why UNIFE is strongly calling for the upcoming reforms of the Public Procurement Directives to ensure rail is considered a strategic sector, while also guaranteeing that European and Member State funds are invested in projects which benefit European economies and industry.

As railways are more and more digitalised, UNIFE works closely with the European Commission on matters of cybersecurity. The organisation is also a member of the Cyber Resilience Act Expert Group, which is a separate act that regulates the use security of digital products in the EU.

UNIFE Director General Enno Wiebe stated:

With new powers and resources, the European Commission and ENISA as a matter of priority needs to assess and make specific rulings on unsuitable non-EU technology used on EU rail infrastructure.

This may include EU-level alerts and restrictions on high-risk non-EU suppliers producing technology for rail systems, especially considering this is critical infrastructure. Alongside changes to Public Procurement Directives, this will ensure Europe does not lose control of its rail networks.

This reform by the Commission should be lauded, as it is being proactive about protecting Europe. UNIFE is active on cybersecurity, and will continue to work with policymakers to boost cyber defences.

For more information on UNIFE's work on Cybersecurity please contact:

Luca Cedric Biggiogera
Technical Affairs Manager IT & Cybersecurity
[email protected] / +32 2 626 12 69