CYBER-RAIL

Cybersecurity Readiness for Urban Rail Operators

The CYBER-RAIL project is an EIT Urban Mobility initiative dedicated to strengthening cybersecurity capacity among public transport professionals across Europe. Through practical, role-based training focused on urban rail systems — including metro, tram, and light rail — the project helps transport operators understand, prevent, and respond to the growing cyber threats affecting their daily operations.

As urban mobility systems become increasingly digitalised, cyber incidents are no longer a distant risk – they can disrupt services, compromise passenger safety, and cause significant operational downtime. Yet many public transport operators (PTOs), especially in EIT RIS regions, lack access to cybersecurity training tailored to their specific operational context. CYBER-RAIL was created to fill this gap.

This 2-phase training programme turns cybersecurity from a compliance topic into a real operational capability — equipping both frontline staff and technical professionals with the skills they need to act confidently and effectively.

Our goal is to build lasting cybersecurity capacity within urban transport organisations across EIT RIS countries. To achieve this, we aim to:

  • Deliver practical, rolespecific cybersecurity training to a minimum of 75 professionals from public transport operators across EIT RIS countries.
  • Develop a modular, reusable training curriculum aligned with European cybersecurity standards (IEC 62443 and CLC/TS 50701), enabling PTOs to integrate it into their internal development programmes.
  • Issue co-signed certificates of completion, recognised by EIT Urban Mobility, to all participants.
  • Measure and document the impact of the training through pre- and post-training evaluations and a 2-month follow-up assessment.

The training is structured in two levels:

  • Level 1 — Introductory Training: Designed for operational staff, frontline workers, and managers. Covers the rail cyber threat landscape, IT vs OT systems, secure everyday behaviours, and incident recognition. Format: 3–4 hours, in-person, role-based exercises and real-world scenarios.
  • Level 2 — Advanced Technical Training: Designed for engineers, IT professionals, and cybersecurity officers. Covers depot OT architecture, system hardening, detection and triage in mixed IT/OT incidents, and containment and recovery procedures. Format: 4–5 hours + 10 hours of mentorship, technical walkthroughs and team drills.

IRD leads Work Package 2 (Recruitment & Outreach) and Work Package 4 (Impact Evaluation & Follow-Up), ensuring that the programme reaches the right professionals across RIS regions and that its results are rigorously measured and reported.

The project runs from January to December 2026. Training sessions take place in two rounds: May–June and August–October 2026. Participation is completely free of charge and open to organisations and municipalities from EIT RIS countries.

Total project budget: Approx €133,000

Our partners:

  • Cyweta (Czech Republic) — Project Lead