Securing Smart Cities, a not-for-profit global initiative that aims to solve the existing and future cybersecurity problems of smart cities, has contributed to two studies of The European Union Agency for Network and Information Security on the cybersecurity of public transport in a smart city.

The first study, entitled: “Cyber Security and Resilience of Intelligent Public Transport. Good Practices and Recommendations,” focuses on the protection of assets critical to Intelligent Public Transport (IPT) in the context of smart cities. The assets in the study contribute to the normal operation of local public transport networks including metro, buses, light rail and other modes of mass public transport found in smart cities and can be considered as “internal” assets to IPT operators in smart cities. The study identifies these critical assets from a business and societal point of view and highlights good security practices against cyberthreats in order to enhance the resilience of IPT. 

The second study: “Architecture Model of the Transport Sector in Smart Cities,” models the architecture of the transport sector in smart cities and reports on good cybersecurity practices, providing practical, hands-on guidance for IPT operators.

A well-developed and smart public transport system is a must-have for any modern and comfortable city; it is one of the corner stones of the smart city concept. However, a smart public transportation system relies heavily on network communications and IT, potentially rendering the system and the city vulnerable to cyber intrusions. It is therefore vital that cybersecurity is an important part of all smart transport projects.

“The Smart Cities study demonstrates a completely interconnected modern city. However, it is impossible to protect public transport from cyberthreats effectively if you don’t account for how it interacts with city energy, telecommunication and public safety systems. A single weakness in any of these systems could become a stepping stone for an attacker looking to exploit other systems. The attacker could then create an avalanche of events; negatively impacting every part of city life and bringing remarkable economic and social damage.

“It was a great honor for us to share our cybersecurity expertise in public transport and railways with ENISA and the working group. We believe that cooperation between regulators, hardware and software vendors, transport operators and security organizations is the only way to create a truly reliable and protected environment for modern city transport systems,” said Sergey Gordeychik Head of Security Services, Deputy CTO at Kaspersky Lab and Securing Smart Cities contributor.