The second Transport Cybersecurity Conference organised by DG MOVE took place in Brussels on 2 May 2024, attracting around 300 participants across the transport sector. The conference addressed the evolving cybersecurity threats facing the industry and explored strategies to enhance cybersecurity measures. Speakers and panellists covered various aspects of cybersecurity in transport, including threat assessment, regulatory frameworks, industry practices, cooperation and international collaboration.
The event served as a pivotal platform for shaping future cybersecurity priorities in the transport domain and concluded with a call to continue collaborating and bringing the cybersecurity agenda forward. Based on the discussions, the following key messages were identified:
Cybersecurity threats
The cybersecurity threat in the transport sector is high and evolving, with attackers using sophisticated methods. Transport is the third most targeted sector for cyber-attacks. While no critical incidents in terms of safety have yet occurred, the attacks could cause nuisance, financial losses, and reputational damage.
Vulnerabilities and risks
Legacy systems, the adoption of online and proprietary systems and the integration of emerging technologies like AI and GNSS increase the risks and vulnerabilities in the transport sector. Vulnerability patching and the ability to recover from incidents are critical.
Resilience and preparedness
Enhancing the resilience of transport systems and operations is crucial. Organisations must be prepared for cyber incidents rather than questioning if they will occur. Investing upfront and conducting regular testing and exercises are essential for building resilience.
Collaboration and cooperation
Cooperation, coordination, capacity building, and information sharing among public and private operators are vital for addressing cybersecurity challenges. International collaboration with like-minded partners and organisations, such as ICAO and IMO, is necessary to tackle global cybersecurity threats.
Regulatory framework
The EU has a robust toolbox of cybersecurity regulations in place, but a clear and coherent framework, which avoids overlap, duplication, administrative burden, and streamlines reporting requirements is paramount. Implementation and collaboration between regulators, industry, and other stakeholders are key to effective cybersecurity measures.
Skills shortage
The transport sector faces a skills shortage in cybersecurity. Closing the skills gap, investing in capacity building, and training are crucial for organisations and public administrations to effectively address cybersecurity challenges.