The Network and Information Security Directive requires ‘operators of essential services’ (OES) to take measures to insure the availability of those services. The FPS Mobility and Transportation explained about the legal and regulatory framework of NIS in Belgium, for subsectors as aviation, navigation, rail and road, as well as the tasks of the FPS itself (identifying services and OES, providing advice, monitoring sectors). The authorities also determine which standard(s) the operators must comply with.
Presentations by key transport actors (NMBS/ SNCB, Infrabel, Eurocontrol among them) discussed concrete efforts made by them, with active input from attendees through questions and answers. The Centre for Cyber Security Belgium announced a platform for incident notification and a FAQ list (to come). Clearly there is an urgent need for more operational technology experts with cyber security expertise (as proposed by HOWEST), more sectorial cyber security guidelines, more ‘information sharing and analysis centers’, as well as better use of available tools (e.g. from ENISA). A particular challenge will be finding experts capable of auditing transport systems, consisting of extremely customized mixes of modern and legacy systems, with proprietary protocols and strict operating conditions.