The cyber threat against the Danish railway sector

This threat assessment provides an overview of the cyber threat against the Danish railway sector and may be used to form part of the sector’s cyber security risk assessment efforts. Its intended audiences are mainly management staff and IT employees with railway operators and infrastructure management providers.

Key assessment:

The threat from cyber crime against the railway sector follows the general cyber threat level against Denmark and is assessed as VERY HIGH. Consequently, it is highly likely that private companies or public authorities within the Danish railway sector will fall victim to attempts of cyber crime. Though ransomware attacks are the biggest cyber threat, the Danish railway sector is also the target of cyber attacks against sub-suppliers and spearphishing attempts.

The threat from cyber espionage against the Danish railway sector is HIGH, indicating that the sector is likely to fall victim to attempts of cyber espionage. Operators such as foreign states may have an interest in compromising railway sector organizations in connection with large tenders.

The threat from cyber activism has been raised from LOW to MEDIUM. The CFCS has raised the threat level due to the cyber activist attacks against European NATO countries triggered by the war in Ukraine. It is possible that pro-Russian hackers, in particular, will attack targets in Denmark, including targets in the railway sector.

The threat from destructive cyber attacks against the Danish railway sector is LOW, indicating that it is less likely that foreign states will launch destructive cyber attacks against Danish critical infrastructure, including the railway sector.

The threat from cyber terrorism against the Danish railway sector is NONE. Though militant extremists have on rare occasions expressed intentions of conducting cyber terrorism, they currently lack the capabilities to carry out cyber terrorist attacks.

Revision history:

The threat assessment was updated in June 2022 with adjustments to the chapter on the threat from cyber activism following the increase in threat level described in the CFCS’s threat assessment ”The CFCS raises the threat level for cyber activism against Denmark from LOW to MEDIUM” published 18 May 2022. The threat level for cyber activism has been raised from LOW to MEDIUM.

The most recent update was made in March 2023 with an added note to reflect that CFCS raised the threat level for cyber activism from MEDIUM to HIGH. The rest of the threat assessment remain unchanged.