Standards for trusted cybersecurity and privacy in urban multimodal transport systems

Smart multimodal transport systems provide benefits for the different operators and passengers such as enhanced efficiency and optimization of operations, better alignment between the different systems resulting in lower costs and improved passengers’ satisfaction. But with more smartness there is the increased risk of threats and vulnerabilities ranging from attacks effecting not only single modules but propagating throughout the whole urban transport system and even beyond, impacting the power and finance sectors, as well as attacks on single passengers.

In Europe as well as globally communities working together to tackle these challenges urban multimodal transport systems are facing. These communities consist of operators of transport systems, public authorities, legal and ethical advisors, experts for cybersecurity and privacy, researchers, and representatives from civil societies such as consumer protection organizations. These communities assemble in national, European and international standardization committees working on standards which provide the foundation for making multimodal transport systems intelligent and resilient and so build trust and confidence.

In CitySCAPE a comprehensive overview of the standardization ecosystem in the domain of cybersecurity and data protection relevant for urban multimodal transport systems is elaborated. This ecosystem includes horizontal communities like ISO/IEC JTC 1/SC 27, IEC TC 65, CEN/CENELEC JTC 13 and ETSI TC Cyber dealing with cybersecurity and data protection on general level, and vertical, i.e. sector specific communities like ISO/TC 204, CEN/TC 278 and ETSI TC ITS in the area of Intelligent Transport Systems, ISO/TC 268/SC 1 for smart community infrastructures, or those for road vehicles and railways. Next to the European and International organisations CEN, CENELEC, ETSI, ISO and IEC other standards development organisations like IEEE, IETF, ENISA and NIST are taken into account.

Standards are not only developed by the stakeholders, but they are also used by the market. Demonstrating, that the novel results and tools of CitySCAPE comply with legal requirements and with standards, the confidence in, and the market uptake of, these results and tools can be enhanced. That’s why identified standards are used in CitySCAPE to develop reliable and novel tools such as a mobile app for passengers of multimodal local transport following the “security and privacy by design”-approach. Other examples for the application of standards in the project are a Collaborative Threat Intelligence Platform and to manage cybersecurity related risks in order to define and implement appropriate countermeasures, controls and safeguards. Additionally, standards like the series of ISO/IEC 27000, IEC 62443, ISO/TR 21186-3, Cooperative intelligent transport systems – Guidelines on the usage of standards – Part 3: Security, or ISO/TR 12859, Intelligent transport systems – System architecture – Privacy aspects in ITS standards and systems, will be used to support the elaboration of a security labelling for transport in CitySCAPE.

When applying the standards in CitySCAPE, including large scale pilot demonstrators involving all relevant entities and digital infrastructure of transport provider, it might be, that some requirements in these standards are not of an enabling nature. Such cases will be communicated to the respective standardization committee to provide to them sound evidence for considering the revision of the standard taking into account the validated feedback from CitySCAPE. This in turn contributes to improved market acceptance of CitySCAPE results and tools.

The Organisation

Austrian Standards International (A.S.I.), established in 1920, is the Austrian, not-for-profit standardization body, member of the European Committee for Standardization CEN, the International Organisation for Standardization ISO and the European Telecommunication Standards Institute (ETSI). A.S.I.’s committed team forms part of a large network comprising 4,200 Austrian experts in a dialogue with European and international experts. A.S.I. makes it possible for everyone to take part in shaping standards and facilitate access to, and the application of, internationally recognized expertise. This supports the interests of business, consumers, administration, science and research as well as society at large. Austrian Standards is one of eight Standards Development Organisations (BSI, DKE/VDE, IEEE, CESI, IEC, NSAI and OVE) having founded the “Open Community for Ethics in Autonomous and Intelligent Systems” (OCEANIS), which is a global forum fostering cooperation in the development and use of ethically aligned standards in ICT, in particular for autonomous and intelligent systems.