🔐 From Complexity to Clarity: A Common Path Toward Cybersecurity in Rail

In a previous post, we introduced the System Pillar and the work of the Transversal CCS Domain. Now it’s time to spotlight another essential building block: the Cybersecurity Domain.

As a horizontal domain within Lot 2 of the System Pillar, the Cybersecurity Domain plays a foundational and increasingly strategic role in shaping a safer, more harmonised European railway system.

🔍 Why is this important?

The Cybersecurity team is responsible for defining central security requirements and ensuring alignment with European regulations and international standards. This includes:

  • A general cybersecurity architecture
  • Risk and threat assessments
  • System-specific requirements
  • Integration with shared services

Even though companies can develop secure systems independently, shared specifications create a common framework that simplifies compliance and reduces duplication. That means faster, more efficient, and more cost-effective implementation for everyone in the rail ecosystem.

 

✅ What’s the goal?

To deliver secure, cost-efficient rail products and systems that are fully aligned with EU regulations (such as NIS2 and the CRA). The System Pillar documents provide the technical and regulatory foundation to achieve this, offering clear, harmonised guidance for suppliers, integrators, and operators.

By defining shared cybersecurity requirements and how to implement them consistently, these documents help:

  • Ensure sector-wide compliance
  • Simplify implementation for all stakeholders
  • Support interoperability across borders and suppliers
  • Reduce duplication, saving time, cost, and effort

📢 Big news: the Cybersecurity Specification v1.0 has just been published by the System Pillar’s Cybersecurity Domain!

This marks a major milestone, combining the latest regulatory requirements (NIS2, CSA, RED, CRA) with globally recognized standards (ISO 27001, IEC 62443, EN TS 50701, IEC PT 63452).

🧩 Along with the main specification, some supporting documents were published:

  • Regulatory Requirement tracing (tracing to 8 EU regulations/directives and international standards)
  • Product Documentation Template (to fulfil EU CRA Annex VII, IEC 62443-4-1 SG1 to SG8, IEC 62443-2-4, EN TS 50701 and IEC PT 63452)
  • Glossary and References
  • Supporting documents for a reference system in accordance with CEN TS 50701 and IEC PT 63452
  • Support for essential functions
  • System description
  • Initial Risk Assessment
  • Threat Catalog

📘 What’s next?

The Cybersecurity Domain is already:

  • Developing training materials to support implementation
  • Performing security gap analyses across the entire EU rail standardisation landscape

🔐 Cybersecurity, when done right, isn’t a barrier — it’s an enabler.

The System Pillar helps bring clarity and structure to a complex landscape — guiding the sector toward secure, compliant, and future-ready railway systems.

For more information, visit the ERJU website.