1 / 23

Update on EU rail security

Update on EU rail security. Patrick NORROY European Commission DG MOVE ITF/UIC/UNECE Rail Security Workshop Leipzig, 23 May 2018. Contents. Security Climate EU Rail Risk Assessment Process Rail Security Workshop Counter-Terrorism Package Consultations on Rail Security

mrushing
Download Presentation

Update on EU rail security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Update on EU rail security Patrick NORROY European Commission DG MOVE ITF/UIC/UNECE Rail Security Workshop Leipzig, 23 May 2018

  2. Contents • Security Climate • EU Rail Risk Assessment Process • Rail Security Workshop • Counter-Terrorism Package • Consultations on Rail Security • Further measures for improving Rail Passenger Security • Cybersecurity • Conclusion

  3. Security Climate • A number of significant terrorist attacks in Europe since 2015 – UK, France, Sweden, Belgium, Spain • Range of modus operandi – firearms, explosives, vehicle ramming, use of knives to attack people, becoming more opportunistic • Incendiary device, Brussels Central Station, June 2017 • Focus on derailing trains with an improvised device in AQAP Inspire Magazine, Summer 2017

  4. EC Security Study on International & High Speed rail services • Performed by Steer Davies Gleave in 2016 at EC request • The Study assesses a range of options to improve rail security and makes recommendations • Member States and Stakeholders represented in the LANDSEC expert group have given comments in 2017

  5. Toolkit for the protection of MMPT (1) To create an interactive toolkit for Multi Modal Passenger Terminal (MMPT) security To empower multiple actors managing security risk at MMPTs to identify and effectively take action: • protecting against range of potential security threats and • in ensuring coordinated rapid response to an incident 12 months (September 2017 to September 2018) Two-day events in May 2018 for all participating operators Future input from Member States and the rail sector are encouraged.

  6. Toolkit for Multimodal Passenger Terminals (2) A process which empowers users to: • Think perpetrator, and threat • Think opportunity for terrorism/crime, generated by the design and operation of the MMPT • Think preventer, and security needs • Think designer, and the wider requirements for the business, the users and society • Think manager • Think future – resilience and adaptability in the long term

  7. EU Rail Risk Assessment (1) • A number of Member States and Stakeholders have called for EU discussions on land transport security to have a greater focus on risk assessment to determine priorities – endorsed at EU Transport Council Dec 2015 • DGs HOME & MOVE have developed a risk assessment process for passenger rail security at EU level based on existing successful security risk assessment process used for the aviation sector

  8. EU Rail Risk Assessment (2) • First meeting June 2017 considered the 'threat' to EU Passenger rail transport including the intent and capability, the likelihood and consequences • Evaluations were given for 6 different parts of the railway system e.g. stations, trains, other infrastructure against 8 types of Modi Operandi e.g. explosives, firearms, cyber etc. that could be used in an attack • Second meeting October 2017 assessed the 'vulnerabilities' part of the risk assessment (in closed session with MS and in open session with stakeholders)

  9. EU Rail Risk Assessment (3) • We considered what is the existing capacity for deterring or detecting an attack and what mitigation measures are in place? • Residual risks are obtained by multiplying the threat and vulnerability scores • The residual risks will provide a focused basis for future discussions in LANDSEC meetings about rail security • The rail security risk assessment will be updated every year

  10. Rail Security Workshop 4 July 2017 (1) • One day public workshop - held as part of consultation with Member States and Stakeholders on rail security and the scope for a possible EU initiative • 3 Panel discussions covered: Risk Assessment, Cooperation and the Human element; Best approach to stimulate technological innovation in rail security and the future of passenger rail security • Concluded that we need an objective assessment of the risks - requiring established cooperation between all the actors

  11. Rail Security Workshop 4 July 2017 (2) • EU should not just focus exclusively on terrorism, but should encompass all incidents with similar consequences, including other forms of crimes • We should be innovative to have stronger security without being intrusive for passengers i.e. retain open, accessible and affordable rail services • Human factors need to be assessed as they are crucial for the use of innovative technologies • We should address security of all rail services

  12. 18 October 2017 – Counterterrorism Package (1) Includes measures to support Member States in addressing the terrorism threat: I. Measures to improve the protection and resilience against terrorism (incl. two Action Plans: on CBRN and on the protection of public spaces); II. Actions tackling the means that support terrorism (including on terrorist financing and explosives precursors); III. Countering radicalisation IV. Dedicated EU funding

  13. 2017 Action Plan to support the Protection of Public Spaces (2) • Evolving terrorist threat, all recent attacks have aimed at public spaces, so-called "soft targets" (e.g. streets, shopping malls, public transport, museums, concert halls) • The Action Plan aims at supporting Member States through 1) dedicated funding, 2) fostering the exchange of best practice 3) establishing and facilitating networks, 4) providing guidance material.

  14. Setting up and facilitating networks (3) Creating fora for the exchange of good practices, lessons learnt and to develop guidance materials: Policy Group: Member States policy makers to advise COM and to work together with Practitioners and Operators Practitioners' Forum: Bringing together law enforcement practitioners and networks Operators' Forum: consisting of different soft target operators, in order to create effective public-private partnerships Subgroups for transport, mass events and entertainment, hospitality, commerce and car rentals.

  15. Consultations on rail security (1) Open public consultation • to give all interested stakeholders the opportunity to provide their views on the problem, on possible solutions and their likely impacts. • It was open from 8 December 2017 until 16 February 2018. Targeted survey • Two survey questionnaires: one for Member State and the other for rail sector organisations. They aimed at gathering specialised input (data and factual information, expert views). • The targeted consultation was open in January for a four-week period.

  16. Outcome of the consultations (2) • No support for applying the Commission's current regulatory requirements for aviation security to the rail sector • Very limited support for a regulatory initiative at the EU level for rail security including the use of a mandatory requirement for coordination • Co-ordination between Member States even where sufficient can still be improved • Support increased co-ordination of an informal non-mandatory nature at EU level in the field of rail security • This should focus on international passengers rail services

  17. Possible EU initiative - Problem Definition (1) • The problem that the initiative aims to tackle is the increasing risk of harm to rail passengers and staff from terrorist attacks. • Given the number of stakeholders, the differences in the perception of risks, the openness and interconnectivity of the rail network, the coordination at European level is often very challenging, and can lead to an insufficient level of protection across the EU.

  18. Envisaged actions (2) Understanding the threat to rail passengers & staff • Collect and share information on rail security incidents and counter-measures • Implement an EU common methodology for assessing risk • Involve passengers and staff with raising security awareness – "eyes and ears“ Adequate response to the threat • Reinforce cooperation between the police and railway companies • Make an inventory of best/good practices • Develop risk management plans for rail

  19. Envisaged actions (3) Consistency of mitigation measures in the Member States • Staff scrutiny and training • Improve station and train security design • Wider use of security technologies and customised security processes Coordination mechanism to address transborder effects • Ensure consistency of controls • Set up a European railway security coordination body with focal points from the Member States • Organise common security exercises

  20. EU Cyber Threat (1) • Europol's 2017 Internet Organised Crime Threat Assessment: 'the global scale, impact and rate of spread of cyber-attacks over the past year has been unprecedented' • Europol: "The global impact of huge cyber-security events such as the "WannaCry" ransomware epidemic has taken the threat from cyber-crime to another level…. major businesses are now targeted on a scale not seen before and, while (there has been some) success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular people and companies everywhere must do more to better protect themselves"

  21. EU Cyber Security Strategy (2) • State of the European Union speech (Sept 2017) announced creation of a European Cybersecurity Agency by giving the existing European Network Information Security Agency a permanent mandate and proposals to extend its powers • 2017 Cybersecurity package also contains a draft proposal for Security certification framework – the EU certification voluntary system with mandatory requirements • NIS directive (adopted July 2016) - Member States have 21 months to implement it into national legislation • Identifies the need for optimal risk management in key sectors, including transport

  22. DG MOVE Actions (3) • DG MOVE produced (2016) risk assessment guidelines for securing against cyber threats and to strengthen security for SCADA industrial control systems, data flows in container transport and the outsourcing of IT services. Distributed via LANDSEC portal. • Continuing key issue remains lack of detailed IT technical knowledge amongst staff dealing with more traditional security - our next proposed initiative on cyber is the development of a cyber security toolbox of advice and support that can be provided to key staff working to mitigate cyber threats across all modes of transport.

  23. Concluding remarks • Commission's commitment to improve passenger rail security • Publication of a Commission initiative on rail security expected in June • Importance of the activities of the LANDSEC expert group, which should nevertheless be complemented by additional drafting work (best practices guidance materiel). • Importance of the risk assessment methodology and need to keep it updated

More Related