[Op-Ed] Cybersecurity: Accelerating the Transition to FRMCS

Faced with cybersecurity challenges and connectivity issues, Dr. Rolf Werner, Head of Mobile Networks in Europe at Nokia, urges operators to accelerate the transition to FRMCS to protect the renaissance of rail in Europe.

Rail transport is experiencing a revival in Europe. Growing passenger demand is driving new investments in long-distance routes and high-speed rail lines. The European Union has set a goal to triple the number of high-speed trains by 2050. It has shown support for numerous initiatives aimed at boosting cross-border rail travel between European states. Rail operators are also making significant investments in new rolling stock, with SNCF and DB expected to begin receiving their flagship new trains this year. The first of SNCF’s 115 new TGV M trains will arrive in the second half of 2025, promising a 14% increase in capacity and a 20% reduction in emissions. Rail networks are becoming increasingly digitized through fleet and infrastructure modernization. This proliferation of software systems, connected IoT devices, and greater automation brings clear benefits in terms of efficiency, safety, and capacity for rail operators. However, it also introduces new attack vectors and expands the surface area for cyberattacks, which have become an unavoidable reality for the industry.

The Need to Assess the Threat Landscape
Across all sectors, the rise in cybersecurity risks is an inevitable consequence of digitization. According to a report by cybersecurity specialist Cylus, cyberattacks in the rail sector increased by 220% over the five years leading up to 2022. The European Union Agency for Cybersecurity (ENISA) predicts that future attacks will focus less on disrupting rail IT systems and more on operational technology (OT) systems. This shift is partly due to rail’s status as critical national infrastructure (CNI) and the potentially wide-ranging economic and societal impacts of service disruptions. The management and transmission of rail operational data face three primary security threats. The first is eavesdropping—unauthorized collection of sensitive information, such as system commands or login credentials. The second is the man-in-the-middle (MITM) attack, which leverages eavesdropping to alter intercepted communications between two parties. In theory, an MITM attack could send malicious commands to interfere with signaling systems, exposing trains to collision risks. Third, a denial-of-service (DoS) attack could overwhelm the rail system with disruptive traffic, causing the system to lose responsiveness and leading to massive schedule disruptions.

Outdated Connections
Improving the cyber resilience of Europe’s rail networks faces a fundamental challenge: connectivity. Most of the continent’s railways rely primarily on GSM-R and TETRA wireless protocols with an optical backbone network. While these technologies have served well, they are now entering their third decade and are rapidly becoming obsolete. Crucially, they were developed before the widespread use of the internet and were simply not designed to operate within today’s cyber threat landscape. A solution for progress is on the horizon. The Future Railway Mobile Communication System (FRMCS), based on 5G, is set to replace both GSM-R and TETRA and is currently undergoing trials. Initial commercial deployments are planned for 2026. Beyond the connectivity and performance benefits of moving from a 2G to a 5G platform, FRMCS has been designed to address current and future cybersecurity threats and requirements.

Strengthening the Network
The guiding principle of FRMCS security specifications is "defense in depth." This approach combines various security measures to implement multi-layered protection. It includes provisions to secure data in transit across the network at the application, service, and transport levels. FRMCS will adopt advanced 256-bit encryption, which is significantly more secure than the 128-bit encryption used in 4G-LTE networks and the 64-bit encryption keys of GSM-R. The 5G-based system will natively authenticate security tokens or certificates, which is impossible with GSM-R but essential for using sensors and IoT devices in rail networks. These end-to-end security capabilities provide rail operators with a much stronger foundation to build defenses today that can be adapted over the long term to meet the evolving nature of threats.

A Lengthy Transition
Despite the imminent arrival of FRMCS, we must be pragmatic and accept that the transition to a modern, more secure rail communication network will be slow. Rail networks face funding challenges across much of Europe. Operators are forced to maximize the lifespan of all existing assets. This means GSM-R and TETRA will coexist with FRMCS for at least a decade. In today’s climate of cyber risks and geopolitical tensions, this situation is far from ideal. Another significant factor comes into play. Parts of Europe’s rail communication networks are built by vendors the EU considers “high-risk suppliers,” with recommendations to exclude them from 5G networks in EU member states. Critical national infrastructures, such as railways, are more vulnerable to cyberattacks than ever before. As a result, rail operators must account for these risks in their security policies and deploy advanced AI tools to automate the detection and mitigation of malicious traffic. However, the landscape continues to evolve. Cybercriminals are adopting generative AI tools to increase the volume of highly targeted attacks. Advances in quantum computing also raise the possibility that most traditional encryption methods could become ineffective. For Europe’s railways to continue thriving, they must offer high levels of reliability and efficiency. Yet, unclear cybersecurity prospects jeopardize these goals. As rail operators strengthen their defenses, the rapid transition to FRMCS is clearly in everyone’s best interest. Even though adopting FRMCS may not be a realistic short-term option for many operators, it does not imply indefinite delays. Such transitions are inherently long and complex projects. Nevertheless, steps can be taken now to ease the overall process and enhance the security of our railways for future generations.

Dr. Rolf Werner, Head of Mobile Networks in Europe, Nokia

Biography
Dr. Rolf Werner holds a degree in business administration from Johannes Gutenberg University of Mainz (Diplom-Kaufmann) and a PhD in business administration from the University of East London. He currently serves as Head of Mobile Networks in Europe at Nokia. With extensive experience as CEO of Cognizant Technology Solutions Germany and in leadership roles at T-Systems, Fujitsu, and GlobalLogic, Dr. Rolf Werner drives growth and strengthens Nokia’s already significant market share in mobile networks.