EUROPE: Railway supply industry association UNIFE has called on the European Commission and the EU Agency for Cybersecurity to proactively work to prevent rail networks being interfered with by ‘high-risk non-EU suppliers’, highlighting the critical importance of transport for both supply chains and military mobility.
The call follows the European Commission’s publication of proposals for an update of the 2019 Cybersecurity Act to reflect a worsening geopolitical situation, more sophisticated threats and players including state actors developing capabilities to disrupt critical economic sectors and societal functions. The changes aim to reduce risks posed by third-country suppliers with cybersecurity concerns, simplify and enhance cybersecurity certification, facilitate compliance with existing rules and strengthen cybersecurity agency ENISA to help it support member states in managing threats.
On January 20, the Commission said ‘in today’s geopolitical landscape, supply chain security is no longer just about technical product or service security, but also about risks related to a supplier, particularly dependencies and foreign interference’.
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security & Democracy, said ‘cybersecurity threats are not just technical challenges. They are strategic risks to our democracy, economy and way of life.’
‘Well overdue and well made’
Commenting on the Commission’s proposal, UNIFE said ‘this ambitious reform is well overdue and well made, portraying the Commission as taking concerns about European cyber protection seriously, especially high-risk third country actors’.
UNIFE says embedded technologies within rail systems come under the definition of transport and transmission networks as outlined in the proposal. ‘With new powers and resources, the European Commission and ENISA as a matter of priority need to assess and make specific rulings on unsuitable non-EU technology used on EU rail infrastructure’, said Enno Wiebe, Director General of the European rail suppliers’ association. ‘This may include EU-level alerts and restrictions on high-risk non-EU suppliers producing technology for rail systems, especially considering this is critical infrastructure.’
UNIFE is also calling for the upcoming reforms of the Public Procurement Directives to ensure rail is considered a strategic sector, and for guarantees that EU and member state funds are invested in projects which benefit European economies and industry. ‘This will ensure Europe does not lose control of its rail networks’, said Wiebe.
