ERTMS - Design of secure European Train Control Systems

The European Rail Traffic Management System (ERTMS) with its separate projects aims to unify the standards for signalling and train control on a European basis. The European Train Control System (ETCS) is used to harmonize the equipment of lines of the trans-European networks, but has also found its way into railroad infrastructures beyond this. The ERTMS Users Group (EUG) represents the interests of the infrastructure managers.

Due to increased risks and extended European requirements regarding security, the ERTMS Security Core Group (ESCG) was founded. INCYDE is responsible for the organizational and technical management of this newly created group. Within the ESCG, threats and risks are analysed. The analysis will lead to proposals to improve the TSI subsets. In addition, systems already implemented and current standards will be considered in the analyses to provide comprehensive protection. This will be done in close cooperation with the members of the EUG. Through this process, the ESCG aims to define security measures for the ERTMS domain to improve future standards and enable migration of existing systems.



The ESCG was founded based on proposals from INCYDE to the EUG and its structure was planned by INCYDE. It required a quick integration of security experts from several ERTMS operators, as well as the development of a project plan for the first year. The ESCG and INCYDE face the following challenges:

  • Developing standards for systems that are already in operation or standardized
  • Incorporating security requirements into future European standards
  • Taking into account different implementation statuses of the operators involved



Several deliverables will publicly document the progress of the ESCG's work. So far, the following documents are among those that have been published:

  • ERTMS Security Concept
  • ERTMS Threat and Risk Analysis



The management of the European Committee for Security in ERTMS includes, but is not limited to, the following tasks:

  • Verification of normative requirements according to IEC 62443 and TS 50701
  • Conduct complex risk analysis based on current subsets
  • Influence future development of the European train control system