In public transport, digital and networked data has become indispensable. Today’s signalling systems, for example, would be impossible without it. However, as digitalisation increases, so do the risks that come along with it – which is why cyber security is becoming ever more important in public transport.
![Vue de l’intérieur d’une cabine de conduite d’une locomotive moderne qui traverse un tunnel. Plusieurs écrans, des voyants lumineux et des boutons de plusieurs couleurs délimitent le plan de travail du conducteur de locomotive. Le véhicule moteur fait partie d’une rame Flirt du Léman Express.](/bav/en/home/general-topics/safety/cyber-security/_jcr_content/par/image/image.imagespooler.jpg/1713256742866/Führerstand-Leman-Express-Flirt.jpg)
© CFF
It is the responsibility of the transport companies to take precautions against and deal with cyberattacks. As part of its safety supervision responsibility, the Federal Office of Transport (FOT) helps to ensure that companies have adequate measures in place to prevent and deal with cyber risks. The FOT supports ongoing cyber security campaigns in this and other sectors, and does so by making use of existing platforms such as those of the Association of Public Transport (APT), RAILplus and Swissrail.
As a supervisory authority and regulator in this sector, the FOT focuses on the prevention of cyberattacks in public transport. It regularly exchanges information with the National Cyber Security Centre (NCSC) on cyber security topics and the current threat situation. The NCSC too is primarily concerned with prevention tasks, and places a focus on early detection and vulnerability identification. The NCSC is also the main contact point for reporting cyber incidents.
Links
Cybersecurity handbook for public transport companies (in German, French and Italian)
National Cyber Security Centre (NCSC)
NCSC: Cyber incidents / vulnerability
National strategy for the protection of Switzerland against cyber risks (NCS)
Tips on how to stay safe in cyberspace
Cybersecurity Toolkit (europa.eu)
MITRE ATT&CK® – Cyberattack matrix for companies
KOVE – Coordination of transport in the event of an incident (in German, French and Italian)
Railways
Richtlinie Cybersicherheit Eisenbahn (RL CySec-Rail - available in German, French and Italian)
Implementing Provisions to the Railways Ordinance (IP-RailO) (in German and French)
Blog: Directive to support railways in terms of cyber security (in German, French and Italian)