This document discusses the launch of a Cybersecurity Task Force within ASECAP to address cybersecurity issues in the road transportation sector. It notes that while most industries have undergone digital transformation, the road sector's cybersecurity maturity is still developing. The task force aims to initially represent the sector to the European Union Agency for Cybersecurity (ENISA). It conducted a questionnaire of ASECAP members that found most operate critical digital services but few have certified security governance. The task force seeks to increase harmonization of cybersecurity postures among members and engage in international cooperation activities.
1 of 6
Download to read offline
More Related Content
Cybersecurity Task Force at ASECAP Days 2023
1. ASECAPS COPER III
TASK FORCE ON
CYBERSECURITY
MASSIMILIANO MASI
<mmasi@autostrade
.it>
AUTOSTRADE PER
LITALIA
2. 11-10-2023 TASK FORCE CYBERSECURITY 2
THE TASK FORCE
Cybersecurity is a key aspect of the
everyday life of citizens
Most industrial activities underwent the
digital transformation
The Road Transportation sector is not
yet mature
No common understanding on what to
protect
No common guidance on how to protect
No common method to respond to
incidents
A Cybersecurity Task Force has been
launched in ASECAP under the COPER
III initially to represent the
stakeholder sector with ENISA
3. 11-10-2023 TASK FORCE CYBERSECURITY 3
THE LEGAL CONTEXT
The EU commission regulate sectors
with High Criticality with the NIS 2
Directive (EU 2022/2555)
Road Authorities are mentioned in Annex
I
The NIS 2 directive must be
implemented by each member state
Other sectors already adopted
cybersecurity countermeasures to
fulfil the NIS requirements
4. 11-10-2023 TASK FORCE CYBERSECURITY 4
THE ASECAP TASK FORCE
QUESTIONNAIRE
Divided in four parts
Part 1: to discover which
NIS-digital services are
operated and how the
member states regulated
them
Part 2: to discover the
status of the cybersecurity
governance of the
associates (ISMS, CSMS)
Part 3: to discover the
cybersecurity organization
of the associates
Part 4: to discover the
international activities
ongoing
Innovation Activities
Activity 1:
Stocktaking the
existent MS
regulations and
provide a guideline
Activity 2: initiate a
standardization
effort to as other
sectors
Activity 3:
cybersecurity is
scarce. Provide a set
of curricula to have
good candidates
Part 4: Engagement
international bodies
Received answers from 8 ASECAP members
representing around 40 companies
5. 11-10-2023 TASK FORCE CYBERSECURITY 5
MAIN FINDINGS
ASECAP members operate services with high
criticality falling under the NIS 2 definition
(e.g., Traffic Management, ITS)
2/8 EU member states adopted specific
regulations
Only 3 companies operates a certified
governance (Information Security
Management System)
Few companies have a CISO and run a Cyber
Risk Assessment
5/9 ASECAP members want to join the task
force to increase their cybersecurity
posture in a harmonized way among the
concessionaries and engaging in
international activities
6. 6
THANK YOU
Massimiliano Masi -
mmasi@autostrade.it
+393420001300
Joint work with Lara
Malfatti and Fabrizio
Paoletti