Messages are encrypted with a 'key'. Such a key ensures the identification of the train in the infrastructure. The security of these keys is an important security aspect and is related to cyber security.
The keys are known in advance, because trains cannot be identified without them. Key management is about the creation, distribution, placement, replacement and destruction of keys. Exchanging and distributing keys to ETCS equipment is part of the key management process. This process transcends the organisations and is a process that is part of chain management.
Current digital key management
In the Netherlands, ProRail is responsible for the creation and distribution of the keys. Transport companies or vehicle owners apply for keys and manage the keys in their Key Management Centre (KMC). This KMC places the keys in the ETCS on-board systems. ProRail places the keys in the wayside equipment. A key is created once the moment a vehicle is given a licence.
ERTMS means more keys
Keys are already required on the existing ERTMS railway sections. Between now and 2031, ERTMS will be implemented in a part of the railway network. By 2050, the system must be standard in the whole of the Netherlands. More ERTMS railway sections also means that the number of keys will increase.
Future key management
With the growing number of keys, key management becomes increasingly difficult and more prone to errors. Manually managing keys will therefore be replaced by online and automatic key management.
Online key management: fewer risks and faster
Online key management allows us to share keys through applications in an automated fashion. This reduces the chances of errors and risks, and is much faster. Online key management will be available from ERTMS Baseline 3 Release 2.