Thank you in advance for participating in the Awareness on Cybersecurity survey in the run-up to the ERCI Cybersecurity in Railways Task Force Meeting #5 on 21 March 2019.

The aim of the event is to raise awareness of cybersecurity in the context of digitalisation projects and to identify innovative solutions to make development, production and operating processes in rail transport even more resilient to cyberattacks. The event will also serve to connect the relevant stakeholders from business and academia.

The Cluster ICT, Media and Creative Industries as well as the Cluster Transport, Mobility and Logistics Berlin-Brandenburg, in close cooperation with the European Railway Clusters Initiative (ERCI), support this request as an instrument for a long-term strengthening of competitiveness of the European rail industry through innovation and opening up new business opportunities.

Question Title

* 1. PHYSICAL PROTECTION: My company develops the following systems (possible multiple answers):

Question Title

* 2. CYBER PROTECTION: My company develops the following systems (possible multiple answers):

Question Title

* 3. SERVICES: My company delivers the following services (possible multiple answers):

Question Title

* 4. CERTIFICATION ISO/IEC 27000 SERIES (Information Security Management System Family of Standards)

Question Title

* 5. WHAT IS CYBERSECURITY FOR YOU: Assign a value to the answers according to your opinion (1 = most important)

  1 2 3 4 5 k. A.
an IT issue
a human factor issue
a technological development of the product issue
a standard/technological specification issue
an issue concerning specific company's competences
an issue concerning the entire company's competences

Question Title

* 6. POTENTIAL CYBER THREATS AND ACTORS: Cyberthreats to railway systems come from (select of relevant answers according to your opinion):

Question Title

* 7. EXPECTATIONS: I expect cybersecurity will modify the following aspects in the railway sector (possible multiple answers):

Question Title

* 8. NEXT ACTIONS: I am interested to take the following actions as a company (1 = most important)

  1 2 3 4 5 k. A.
Develop our cyber security culture
Develop an appropriate cyber security capability
Understand our cyberspace to understand our exposure and the potential impact of cyber attacks
Take a risk-based approach to understand the threads we face, the vulnerabilities or weaknesses in our people or technology, the potential consequences of a cyber incident affecting our businesses, and to manage the exposure of our cyberspace
Have governance for cyber security in our organisations
Ensure appropriate cyber security management of our systems and their interfaces
Work with third-party suppliers to manage cyber security in our supply chain
Ensure cyber security measures are applied through the life of the systems we develop
Prepare for and manage cyber security incidents

Question Title

* 9. Which category applies to you in terms of cybersecurity?

T