What is the object of the project?

The ‘Urban Rail Transport Single Member S.A.’ (STASY Single Member S.A.) is a critical infrastructure in the transport sector, as it ensures the daily commuting of hundreds of thousands of citizens in Attica through the metro, electric railway and tram network. Any disruption in its operation, whether due to technical failure or cyber attack, would have a direct impact on social and economic life, creating serious problems for the commuting of workers, students and vulnerable groups. The Entity’s dependence on digital systems for the operation and monitoring of trains, the management of timetables, the issuing of tickets and communication with the passengers, makes it necessary to protect it from cybersecurity threats. For this reason, in accordance with Directive (EU) 2022/2555 (NIS 2) and Law 5160/2024, STASY Single Member S.A. is designated as a “key entity” in the transport sector and is required to adopt increased measures for the resilience of its information systems, the prevention and detection of cyber attacks, as well as the seamless continuity of its critical services.

Therefore, STASY Single Member S.A., recognizing the growing importance of cybersecurity and the obligations arising from the national regulatory framework, intends to implement a comprehensive program to strengthen the protection capabilities of its information systems. The objective is the procurement and operation of SOC-as-a-Service (SOCaaS) services, as well as the implementation of actions of compliance with Directive (EU) 2022/2555 (known as the NIS2 Directive) and Law 5160/2024.
The project aims to enhance the security of the infrastructure of the Entity, through continuous monitoring, early detection and immediate response to cybersecurity incidents by a specialised provider. At the same time, the adoption and implementation of a comprehensive framework of policies, procedures and organisational mechanisms is provided to ensure compliance with the obligations of STASY Single Member S.A., as a “key” entity, as set out in Law 5160/2024 (transposition of Directive (EU) 2022/2555 into national law).

What is Feasibility and expected benefits

The ever-evolving cybersecurity landscape creates complex and increasing demands on public and private sector organisations, forcing the adoption of advanced technology solutions and risk management strategies. The intensification of the use of digital technologies combined with the escalating threat activity in cyberspace make the development of resilient information infrastructures with built-in mechanisms for prevention, detection and response to security events, critical.

At international and EU level, a trend towards institutional strengthening of the cybersecurity framework is observed, with the adoption of national strategies and the introduction of binding regulatory requirements focusing on interoperability, operational continuity and compliance with information security standards. The contracting authority, through this project, seeks to enhance its preparedness and responsiveness, by meeting the requirements of the new regulatory framework, substantially strengthening the defences of information systems and fostering a sustained culture of digital security and responsibility