In smart cities, Intelligent Public Transport systems (IPT) rely on IoT and cyber-physical systems to retrieve, process, and exchange data, however this makes IPT vulnerable to cyber threats.
Recently, a transport network was disrupted for several days due to radio interference with telecommunication systems; failures of ICT central servers has led to the global outages of a metro system; and smart tickets have been hacked for fraud. These threats have an impact on the business and also have potential consequences on the health and safety of citizens.
ENISA has published two studies into cyber threats to IPT systems, which claim that IPT operators and municipalities are only gradually coming to terms with the consequences of such threats. Current limitations include the lack of corporate governance for IPT security and associated investments; difficulties to integrate security for safety systems as cyber security for IPT remains unclear; as well as the lack of a common EU approach to intelligent public transport security.
ENISA makes several key recommendations:
- The European Commission and Member States should foster knowledge exchange and collaboration in cyber security among industry, Member States and municipalities;
- IPT operators should integrate cyber security in their corporate governance;
- IPT operators should develop a clear definition of their security requirements;
- Manufacturers and solution providers should create products/solutions that match the cyber security requirements of IPT end-users.
Read the two documents: