Cyber Security

Cyber Security
  • Training
Add to Calendar
  • Spain


Worried about cyber security? Join the club! As public transport becomes increasingly digitized, cyber threats are here to stay. They affect all public transport networks and it is vitally important to face up to the threat. Cyber security is about protecting IT systems from mishap, be they accidental or intentional. The problem is technical, but the solutions are only partly technical. This training course will give participants a deep understanding of how to address cyber risks based on the following three pillars:


  • People: people create the most vulnerabilities (error and ignorance, not to mention malicious intent), but are also the greatest line of defense. Creating a culture of awareness across all staff profiles, as well as training, are the most important pillar.
  • Policies + procedures: People must be supported by fit-for-purpose policies and procedures, and supported from Board level.
  • Physical protection: this is the ‘easiest’ element to implement and involves a number of technical protection layers.

Source: Action Points – Cyber Security in Public Transport, UITP, 2017

Learning Objectives

  • Learn to assess risk and construct a cyber security policy and implementation plan
  • Define training needs for relevant staff
  • Gain an insight into well-known cyber-attacks, including lessons learned
  • Benchmark your practices and tools with your peers

Target Audience

  • Chief Information Officers
  • Operational managers
  • Security managers
  • Safety managers
  • Other public transport professionals engaged in cyber security from public transport operators and authorities
  • Professionals from other sectors with an interest in exploring cyber security from the point of view of public transport
  • Experienced professionals as well as newcomers to the topic

Applicants must have an excellent command of English.


  • Get inspired by our trainers, understand the main aspects of cyber security and learn from successful best practice
  • Participate to interactive plenary sessions with introduction by course leaders, presentation by the trainer and open discussion with participants
  • Challenge your practical knowledge on cyber security and how to protect your system
  • Address the topic from an international perspective, enriched by different cultural approaches and points of views
  • Participate to workshops allowing you to apply on a concrete case the main principles and tools learned
  • Benefit from a unique exchange of knowledge and experience between professionals


  • Risk assessment methodology and ready-to-use matrix
  • Check list to create cyber security policy and implementation plan
  • Check list to incorporate cyber requirements when tendering out new products and services
  • Insprational material for staff awareness-raising

Inspiring trainers

Our skillful trainers are composed of international experts and professionals with extensive experience and knowledge in the strategic, operational and technological areas of cyber security.

Trainers will be:



Huang Shao Fei, Director, LTA, Singapore


Sebastian KrieglerLead Software Engineer, INIT, Germany


Lindsey Mancini, Senior Manager, UITP, Brussels, Belgium



UITP reserves the right to make amendments to the programme or any related activity


Session 1: What is cyber security? 

  • Definitions: cyber security & cyber safety
  • The risk: what is at stake?
  • Who is the enemy? Cyber criminals, hackers, hacktivists, disgruntled employees, human error or ignorance
  • Typical ICT infrastructure – what has to be protected

Session 2: Case Study

A detailed look at some cyber-attacks on public transport, including:

  • Derailment of tram in Lodz, Poland after teenager modified a television remote control (2008)
  • Ransomware attack affecting San Francisco’s Muni system (2016)
  • Wannacry ransomware attack affecting Deutsche Bahn (2017)
  • DDoS (Distributed Denial-of-service) attack causing train delays across Sweden (2017)

Workshop: participants will be split into groups and each group will be given one case study to review addressing following questions:

  • What could have helped prevent the attacks?
  • Review of response – lessons learned
  • Measures to take and lessons learned to prevent and/or minimise future attacks

Session 3: Policy, Governance, Culture, Training

Cyber security is a technical problem, but the solutions are only partly technical. This session will detail the most important aspects of cyber security, including:

  • Governance: responsibilities from the Board, senior management and below
  • Policy: Essential elements of a cyber policy e.g. password, USB, email etc.
  • Creating a culture of cyber awareness
  • Training

Session 4: Technical Considerations (physical protection)

Technical layers are a base-line. This session will explain everything you need to know about the technical protection of the IT landscape, including:

  • Technical audit to map IT landscape
  • Operational systems (signal control systems, vehicle-system communication systems, predictive maintenance, power supply and energy distribution systems)
  • Customer facing and external systems (website, mobile applications, cloud storage, points of sale etc.)

Session 5: Risk assessment

Like any other security risks, bullet-proof protection is not possible. A risk-based approach is the best way to address threats in a proportionate and systematic way. This session will demonstrate a risk assessment methodology specifically designed to assess cyber risks in public transport. A workshop will allow participants to practice applying the methodology to a fictive network.

Session 6: Workshop – devising a cyber security policy and implementation plan

The culmination of the 2 days of training, participants will devise a cyber security policy for a fictive network based on the risk assessment results of the previous workshop. The policy will cover the three pillars (people, policies & procedures, physical protection). Each group will present an overview to the whole group.


21% VAT excluded

Until 13/08/2018

After 13/08/2018


1210 €

1610 €

Member « developing nations »*

885 €

1175 €


1635 €

2170 €

Non-member « developing nations »*

1095 €

1465 €

Group UITP Member (4 or +)

1130 €

Group UITP Member (4 or +) « developing nations »*

830 €

Group UITP non Member (4 or +)

1520 €

Group UITP non Member (4 or +) « developing nations »*

1020 €

* Participants from developing nations benefit from a special discount. Check here the list of eligible countries.

To register a group of 4 persons of more from the same organisation, please contact us: - Tel: +32 2 663 66 57

Participation fees include:

  • Training instruction
  • Lunches and coffee breaks
  • All training documents: Binder including all presentations and supporting documents; Access to all training material via UITP's electronic library Mobi+ (after the training)

Groups generally consist of 25 participants and are limited to about 30 in order to increase the learning experience and interaction during the programme. Places allocated on a first-come, first-served basis.

Terms and Conditions

Please download our Terms and Conditions here.

Contact Person

Sunita Kelecom, Training Assistant, UITP Centre for Training,, Tel: +32-2-663 66 57

Practical information: 

Training Venue

EU Business School Barcelona
Av. Diagonal, 648 bis
08017 Barcelona

Metro stop: Maria Cristina (L3)


Participants are responsible for making their own hotel reservation.

Hotels nearby the training venue

Hotel NH Collection Barcelona Constanza**** (7min. on foot)
Carrer de Déu i Mata, 69-99
08029 Barcelona
Tel: +34 932 81 15 00

Hotel Atiram Arenas**** (10min. on foot)
Carrer del Capità Arenas, 20
08034 Barcelona
Tel: +34 932 80 03 03

Hotel NH Barcelona Entenza*** (13min. on foot)
Carrer del Capità Arenas, 20
08034 Barcelona
Tel: +34 932 80 03 03

Hotel NH Barcelona Les Corts*** (7min. on foot)
Travessera de les Corts, 292
08029 Barcelona
Tel: +34 933 22 08 11




Huang Shao Fei, Director, LTA, Singapore


Sebastian KrieglerLead Software Engineer, INIT, Germany


Lindsey Mancini, Senior Manager, UITP, Brussels, Belgium



This training programme is kindly hosted by EU Business School

Share & Print: