CitySCAPE · Project

Cybersecurity Toolkit That Protects City Transport Systems from Cyberattacks

transportPilotedTRL 7

Imagine every bus, tram, metro, and bike-share in your city runs through one connected digital system — ticketing, route planning, passenger data, all of it. Now imagine a hacker gets in. CitySCAPE built a security toolkit that watches for suspicious activity across these connected transport networks, figures out how an attack would spread, estimates the financial damage, and alerts the right authorities in real time. They tested it on the real transport systems of Genoa and Tallinn.

By the numbers

consortium partners across 7 countries

European cities with completed pilot demonstrations (Genoa and Tallinn)

industry partners in the consortium

SMEs participating in the project

total project deliverables produced

The business problem

What needed solving

City transport systems are increasingly connected — ticketing, journey planning, passenger data, and fleet management all run through shared digital infrastructure. This makes them a growing target for cyberattacks, including ticket fraud, data theft, and service disruption. A single breach can cascade across transport, energy, and financial systems, yet most transport operators lack specialized cybersecurity tools designed for their multimodal environment.

The solution

What was built

CitySCAPE built a modular cybersecurity software toolkit for multimodal transport systems. It includes threat detection for suspicious data traffic, attack impact assessment in both technical and financial terms, zero-day attack prediction using combined external and internal intelligence, and a notification system for CERT authorities. The integrated system was demonstrated and piloted in Genoa and Tallinn, producing 24 deliverables including pilot execution reports.

Audience

Who needs this

City transport authorities managing multimodal networksMaaS platform providers handling integrated ticketing and routingCybersecurity firms expanding into critical transport infrastructureRegional transport operators preparing for NIS2 complianceSmart city program offices responsible for digital infrastructure security

Business applications

Who can put this to work

Urban public transport

enterprise

Target: City transport authority or multimodal transport operator

If you are a city transport operator managing buses, trams, and shared mobility through connected digital platforms — this project developed a modular cybersecurity toolkit that detects suspicious traffic, identifies persistent threats, and estimates an attack's financial impact. It was piloted on real transport systems in Genoa and Tallinn across 2 European cities. The toolkit integrates into existing systems without requiring a full infrastructure overhaul.

Mobility-as-a-Service (MaaS) platforms

mid-size

Target: Digital mobility platform provider offering integrated ticketing and journey planning

If you are a MaaS platform provider handling ticketing applications and passenger location data across multiple transport modes — this project built tools that detect cyber-fraud in ticketing systems and protect passenger privacy. The solution was tested on real use-cases involving ticketing fraud and location data manipulation. With 12 industry partners in the consortium, the toolkit was designed for commercial integration.

Critical infrastructure cybersecurity

any

Target: Cybersecurity firm serving transport, energy, or financial sectors

If you are a cybersecurity company looking to expand into transport infrastructure protection — CitySCAPE developed attack modelling tools that map how cyber-threats propagate across interconnected transport, power, and financial systems. The project produced 24 deliverables including threat investigation methods and zero-day attack prediction capabilities. Training materials for both expert and non-expert audiences are included.

Frequently asked

Quick answers

What would it cost to deploy this cybersecurity toolkit in our transport system?

The project data does not include specific licensing or deployment costs. As a publicly funded Innovation Action with 19 consortium partners, certain components may be available under open or negotiated licensing. Contact the consortium coordinator to discuss pricing and integration options.

Can this scale to a large metropolitan transport network?

The toolkit was designed as modular software that can be 'seamlessly integrated into any multimodal transport system,' according to the project objectives. It was piloted in 2 European cities (Genoa and Tallinn) on their regional transport systems, demonstrating real-world scalability beyond lab conditions.

Who owns the IP and how can we license this technology?

IP is held by the 19-partner consortium led by the Research Academic Computer Technology Institute in Greece. With 12 industry partners and 5 SMEs in the consortium, commercial licensing pathways are likely established. Specific terms would need to be negotiated with the coordinator.

Does this meet European cybersecurity regulations like NIS2?

The project explicitly targeted standardization contributions to security labelling protocols. While NIS2 was adopted after the project started, the toolkit addresses core NIS2 requirements for transport operators: threat detection, incident notification to CERT authorities, and impact assessment. Compliance verification would need to be confirmed with the consortium.

How long would integration take with our existing systems?

The project ran from 2020 to 2023, with the integration demonstrator (CPaaS+CitySCAPE system) completed before pilot testing in Genoa and Tallinn. The modular design allows selective deployment of components. Based on available project data, exact integration timelines depend on your existing infrastructure.

What specific threats does it protect against?

The toolkit covers cyber-fraud in ticketing applications, manipulation of passenger location data, threats propagating from connected power and financial sectors, and zero-day attacks. It combines external threat intelligence with internally observed activities to enhance prediction of previously unknown attack types.

Is there ongoing support or has the project ended?

The project closed in August 2023. However, with 12 industry partners in the consortium, commercial support and continued development are possible through individual partner companies. The project website at cityscape-project.eu may list active follow-up activities or spin-off services.

Consortium

Who built it

The CitySCAPE consortium is strongly industry-oriented, with 12 out of 19 partners (63%) coming from the private sector, including 5 SMEs. This high industry ratio signals that the technology was built with commercial deployment in mind, not just academic research. The 7-country spread (Austria, Estonia, Greece, France, Italy, Luxembourg, Romania) covers key European transport markets. The coordinator is a Greek research institute (EREVNITIKO PANEPISTIMIAKO INSTITOUTO SYSTIMATON EPIKOINONION KAI YPOLOGISTON), which provides academic rigor while the industry-heavy consortium ensures practical applicability. Pilots in Genoa (Italy) and Tallinn (Estonia) demonstrate the toolkit works across different transport ecosystems and regulatory environments.

EREVNITIKO PANEPISTIMIAKO INSTITOUTO SYSTIMATON EPIKOINONION KAI YPOLOGISTONCoordinator · EL
TALLINNA LINNparticipant · EE
AUSTRIAN STANDARDS INTERNATIONAL -STANDARDISIERUNG UND INNOVATIONparticipant · AT
AZIENDA MOBILITA E TRASPORTI SPAparticipant · IT
EUROPEAN DYNAMICS ADVANCED INFORMATION TECHNOLOGY AND TELECOMMUNICATION SYSTEMS SAthirdparty · EL
AIRBUS CYBERSECURITY SASparticipant · FR
EUROPEAN DYNAMICS LUXEMBOURG SAparticipant · LU
KASPERSKY LAB ITALIA SRLparticipant · IT
OPPIDAparticipant · FR
RIIGI INFOSUSTEEMI AMETparticipant · EE
UNIVERSITY OF PIRAEUS RESEARCH CENTERparticipant · EL
CS GROUP - Franceparticipant · FR
AIRBUS PROTECTparticipant · FR
ENGINEERING - INGEGNERIA INFORMATICA SPAparticipant · IT
GRUPPO SIGLA SRLparticipant · IT
TALLINNA TEHNIKAÜLIKOOLparticipant · EE
DIRECTORATUL NATIONAL DE SECURITATE CIBERNETICAparticipant · RO
STAM SRLparticipant · IT

How to reach the team

The coordinator is the Research Academic Computer Technology Institute (RACTI) in Greece. Use SciTransfer's contact service to get a direct introduction to the project lead.

Order a report on this consortium See EREVNITIKO PANEPISTIMIAKO INSTITOUTO SYSTIMATON EPIKOINONION KAI YPOLOGISTON profile →

Next steps

Talk to the team behind this work.

Want to explore how CitySCAPE's cybersecurity toolkit could protect your transport infrastructure? SciTransfer can arrange a direct introduction to the project team and help assess fit for your specific needs.

Order a report on this topic More in Transport & Mobility