The road traffic sector has cybersecurity requirements for providers of traffic control and management services, operators of intelligent transportation systems, and vehicle manufacturers.
What is meant by cybersecurity?
Cybersecurity refers to a state in which the cyber operating environment can be trusted to by secure. Cybersecurity risks are dynamic in nature. This means that vulnerabilities are often exploited in various ways, and they can quickly jeopardize cybersecurity. Protection requires stakeholders to have up-to-date awareness of direct and indirect cybersecurity threats. The constantly changing threat environment encourages organizations to take a proactive approach to cybersecurity. Cybersecurity is a must in the development of the transportation system and should be promoted alongside other necessary aspects.
What are the legal requirements for cybersecurity in road transport sector?
The Directive (EU) 2016/1148 (External link) of the European Parliament and of the Council on measures for a high common level of security of network and information systems across the Union (referred to as the Network and Information Security Directive or NIS Directive) covers a wide range of sectors in society. The objective of the NIS Directive is to ensure the continuity of operations of entities that are essential for society and to enhance trust in digital services, thereby contributing to societal security. In the context of road transport, the requirements of the NIS Directive have been implemented in national regulations, applying obligations to providers of traffic control and management services, operators of intelligent transportation systems, and certain vehicle manufacturers.
The role of Traficom
Under the Act on Transport Services, Traficom has a general supervisory role and tasks related to ensuring compliance with the obligations set forth in the law and the provisions, regulations, and decisions issued based on it within the Finnish transport system. Nowadays, the role of an authority is expanding towards partnership and interaction, emphasizing continuous improvement. Traficom provides guidance and instructions on cybersecurity to organizations in the road transport sector.
In addition to its supervisory responsibilities, Traficom actively participates in EU-level and national legislative work, contributing to the development of cybersecurity regulations.