The Digital Shield: Cybersecurity in Modern Rail Operations

Defend the network against digital threats. Explore the critical role of Railway Cybersecurity, the challenges of IT/OT convergence, and the CENELEC TS 50701 standard.

December 11, 2025 8:12 am | Last Update: March 22, 2026 12:39 pm

⚡ In Brief
  • Railway cybersecurity protects operational technology (OT) systems—including signaling, train control, and traction power—from cyber threats that could compromise safety, availability, or passenger trust in an era of IT/OT convergence and digitalization.
  • Core regulatory frameworks include the EU NIS2 Directive (critical entity obligations), EN 50159 (safety-related communication security), IEC 62443-3-3 (industrial automation security), and TSI CCS cybersecurity provisions for ETCS/GSM-R/FRMCS systems.
  • Key technical controls encompass network segmentation (air-gapped safety networks), zero-trust architecture for remote access, intrusion detection systems tuned for railway protocols (IEC 60870-5-104, PROFINET), and security operations centers with railway-specific threat intelligence.
  • Incident response requires railway-specific playbooks: safety-critical systems demand fail-safe fallback modes, cross-border coordination via ERA’s cybersecurity network, and post-incident forensic analysis that preserves operational continuity while enabling root-cause investigation.
  • Implementation case studies demonstrate measurable impact: DB Systel’s SOC reduced mean-time-to-detect cyber incidents by 67% through railway-tuned SIEM rules (2024); SNCF’s zero-trust remote access deployment eliminated 94% of credential-based attack vectors across 15,000 maintenance endpoints.

At 03:47 on a foggy morning in the Gotthard Base Tunnel, a cyber intrusion attempt targets the ETCS Radio Block Center controlling train movements through the 57 km alpine crossing. The attacker, leveraging a compromised vendor maintenance portal, attempts to inject false movement authorities into the safety-critical signaling network. Within 12 seconds, the railway’s security operations center detects anomalous protocol behavior, isolates the affected network segment, and triggers fail-safe fallback to trackside signals—preventing any impact on the 12 passenger and freight trains currently in the tunnel. This scenario, rehearsed in tabletop exercises and validated through red-team assessments, represents the operational reality of cybersecurity in modern rail: a continuous defense against adversaries who understand that disrupting railway operations can cause economic damage, public panic, or—worst case—safety incidents. For infrastructure managers, rolling stock operators, and safety regulators, understanding cybersecurity is not an IT specialty; it is a foundational element of railway safety, reliability, and public trust in an era where digital systems control physical movement.

What Is Railway Cybersecurity and Why Does It Matter?

Railway cybersecurity is the practice of protecting operational technology (OT) systems—including signaling, train control, traction power, passenger information, and maintenance platforms—from cyber threats that could compromise safety, service availability, or data integrity. Unlike generic enterprise cybersecurity, railway cybersecurity must address unique constraints: safety-critical systems where availability and integrity take precedence over confidentiality; legacy equipment with 30+ year lifecycles that cannot be patched frequently; and distributed infrastructure spanning remote locations with limited physical security. The convergence of IT and OT networks—driven by digitalization initiatives like predictive maintenance, real-time passenger information, and remote diagnostics—creates new attack surfaces that adversaries can exploit to reach safety-critical systems. Regulatory frameworks like the EU NIS2 Directive designate railways as critical entities, mandating risk management measures, incident reporting, and supply chain security. Technical standards like EN 50159 define security requirements for safety-related communications, while IEC 62443-3-3 provides architectural guidance for securing industrial control systems. For engineers, railway cybersecurity is not about preventing all attacks—an impossible goal—but about ensuring that successful attacks cannot compromise safety functions, cause prolonged service disruption, or erode public confidence in rail transport. In an era of increasing geopolitical tension and criminal ransomware activity, that resilience is not optional; it is foundational to the social license to operate.

Threat Landscape: Understanding Adversaries and Attack Vectors in Rail

Railway cybersecurity threats originate from diverse actors with varying motivations: nation-states seeking disruption or intelligence, criminal groups pursuing ransom payments, hacktivists targeting symbolic infrastructure, and insider threats (malicious or negligent). The attack surface spans multiple domains, each with distinct vulnerabilities and consequences:

Attack Vector Categories:

1. Signaling & Train Control Systems
• Targets: ETCS Radio Block Centers, interlockings, track circuits, balises
• Threats: False movement authority injection, signal aspect manipulation, train detection spoofing
• Impact: Collision risk, service disruption, safety system bypass
• Mitigation: EN 50159 cryptographic authentication, network segmentation, protocol whitelisting

2. Traction Power & Energy Management
• Targets: SCADA systems, substation controllers, pantograph monitoring
• Threats: Unauthorized command execution, load manipulation, denial of service
• Impact: Power outages, equipment damage, cascading grid effects
• Mitigation: IEC 62443 zone/conduit architecture, unidirectional gateways, anomaly detection

3. Passenger Information & Ticketing
• Targets: PIS displays, mobile apps, fare collection systems, reservation databases
• Threats: Data theft, service disruption, misinformation campaigns
• Impact: Passenger confusion, revenue loss, reputational damage
• Mitigation: PCI-DSS compliance, API security, DDoS protection, content verification

4. Maintenance & Remote Access
• Targets: Vendor portals, diagnostic interfaces, firmware update mechanisms
• Threats: Supply chain compromise, credential theft, malicious firmware
• Impact: Persistent access to OT networks, sabotage of safety systems
• Mitigation: Zero-trust remote access, code signing, hardware root of trust

5. Corporate IT & Business Systems
• Targets: Email, HR systems, financial platforms, executive endpoints
• Threats: Phishing, ransomware, business email compromise
• Impact: Operational disruption via IT/OT bridge, data exfiltration, extortion
• Mitigation: Email security, endpoint detection, network segmentation, security awareness

Historical incidents illustrate evolving threats: the 2016 ransomware attack on San Francisco’s Muni system encrypted fare collection servers but did not impact train control due to network segmentation; the 2021 compromise of a European signaling vendor’s update server highlighted supply chain risks; and the 2023 phishing campaign targeting railway maintenance staff demonstrated the human element in OT security. Crucially, adversaries increasingly understand railway operations: they target not just IT systems but the interfaces between IT and OT, exploiting trust relationships to pivot from corporate networks to safety-critical infrastructure. For defenders, this means cybersecurity cannot be siloed: it requires collaboration between safety engineers, operations staff, IT security teams, and executive leadership to build defenses that protect both data and physical safety.

Regulatory Frameworks & Technical Standards: Building Compliance into Security

Railway cybersecurity operates within a multi-layered regulatory and standards framework that translates policy objectives into technical requirements:

| Framework/Standard | Scope & Applicability | Key Requirements | Verification Method | Railway-Specific Adaptation |
|---|---|---|---|---|
| EU NIS2 Directive | Critical entities in transport sector | Risk management, incident reporting, supply chain security, board accountability | National authority audits, incident notification within 24h | Railway-specific criticality thresholds; coordination with safety authorities |
| EN 50159:2021 | Safety-related communication in closed systems | Authentication, integrity protection, replay prevention, secure key management | Safety case review, protocol conformance testing, independent assessment | Integration with EN 50126/50128/50129 RAMS framework; SIL-4 alignment |
| IEC 62443-3-3 | Industrial automation and control systems security | Zone/conduit architecture, security level targets, secure development lifecycle | Security risk assessment, architecture review, penetration testing | Adaptation for railway OT protocols (IEC 60870-5-104, PROFINET, ETCS) |
| TSI CCS Cybersecurity Provisions | ETCS, GSM-R, FRMCS systems in Trans-European Network | Secure key management for ETCS, radio interface security, FRMCS network slicing isolation | NoBo assessment, interoperability testing, ERA coordination | Cross-border key distribution; handover security between national networks |
| ISO/IEC 27001 | Information security management systems | Risk assessment, access control, incident management, continuous improvement | Certification audits, internal reviews, management oversight | Extension to OT assets; integration with safety management systems |
| EN 50701:2022 | Cybersecurity for railway applications (new standard) | Holistic railway cybersecurity framework, threat modeling, security-by-design | Security case development, independent validation, lifecycle monitoring | First railway-specific cybersecurity standard; bridges RAMS and IT security |

Crucially, these frameworks must be integrated rather than applied in isolation: EN 50159 security controls must align with EN 50129 safety arguments; NIS2 risk management must incorporate railway-specific threat scenarios; and IEC 62443 architecture must accommodate legacy OT systems that cannot be easily replaced. For project teams, this means cybersecurity is not a compliance checklist but a systems engineering challenge—requiring explicit modeling of threat propagation paths, validation of defense-in-depth strategies, and continuous monitoring of emerging vulnerabilities.

Defense Architecture: Technical Controls for Railway Cybersecurity

Effective railway cybersecurity employs a layered defense architecture that combines preventive, detective, and responsive controls tailored to OT constraints. Key technical measures include:

| Control Category | Specific Measures | Railway Adaptation | Implementation Challenge | Effectiveness Metric |
|---|---|---|---|---|
| Network Segmentation | Air-gapped safety networks; VLANs for OT/IT separation; unidirectional gateways | Preserve real-time performance for signaling; accommodate legacy protocols | Legacy system integration; maintenance access requirements | Mean time to contain lateral movement; segmentation policy compliance rate |
| Zero-Trust Access | Multi-factor authentication; just-in-time privileged access; device posture validation | Support field maintenance with limited connectivity; integrate with railway IAM | User experience for operations staff; legacy system compatibility | Reduction in credential-based attacks; privileged session monitoring coverage |
| Protocol Security | EN 50159 cryptographic authentication; protocol whitelisting; anomaly detection for IEC 60870-5-104 | Low-latency requirements for safety messages; key management for distributed systems | Performance overhead of encryption; key distribution at scale | Protocol violation detection rate; false positive rate for anomaly detection |
| Threat Detection | Railway-tuned SIEM rules; OT-specific IDS signatures; behavioral analytics for maintenance access | Distinguish legitimate operational commands from malicious activity; integrate with safety monitoring | Limited OT threat intelligence; alert fatigue from noisy environments | Mean time to detect (MTTD); true positive rate for OT-specific threats |
| Resilience & Recovery | Fail-safe fallback modes; immutable backups for safety configurations; incident response playbooks | Maintain safety during cyber incidents; coordinate with emergency response procedures | Testing fallback modes without disrupting service; cross-border incident coordination | Recovery time objective (RTO) for critical systems; exercise success rate |
| Supply Chain Security | Vendor security assessments; code signing for firmware; software bill of materials (SBOM) | Long-lifecycle components; legacy vendor support; cross-border procurement | Vendor transparency; balancing security with procurement timelines | Percentage of critical components with SBOM; vendor assessment completion rate |

Implementation requires balancing security with operational constraints: encryption must not introduce latency that violates signaling timing requirements; access controls must not impede emergency maintenance; and detection systems must avoid alert fatigue that could mask genuine threats. The DB Systel security operations center exemplifies best practice: railway-tuned SIEM rules reduced false positives by 73% while improving detection of OT-specific threats; automated playbooks enabled containment of incidents within 15 minutes without disrupting train operations. For security architects, this means railway cybersecurity is not about applying enterprise controls wholesale but about engineering defenses that respect the unique constraints of safety-critical, real-time, distributed infrastructure.
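The protocol whitelisting listed for IEC 60870-5-104 in the table above can be sketched as a passive check at a network boundary. This is an added example, not code from DB Systel or any operator: the host addresses, station address, object ranges and rule set are constructed, and it assumes each payload is an already reassembled TCP stream containing whole APDUs.

```python
from dataclasses import dataclass

START_BYTE = 0x68
# IEC 60870-5-101/104 type identifiers used in this sample
C_SC_NA_1, C_DC_NA_1, C_IC_NA_1 = 45, 46, 100
COT_ACTIVATION = 6


@dataclass(frozen=True)
class Asdu:
    type_id: int
    cot: int          # cause of transmission, low 6 bits
    common_addr: int  # station (common) address
    ioa: int          # first information object address


@dataclass(frozen=True)
class Rule:
    """One permitted command: who may send which type to which object range."""
    src: str
    type_id: int
    cot: int
    common_addr: int
    ioa_min: int
    ioa_max: int

    def permits(self, src: str, a: Asdu) -> bool:
        return (src == self.src and a.type_id == self.type_id
                and a.cot == self.cot and a.common_addr == self.common_addr
                and self.ioa_min <= a.ioa <= self.ioa_max)


def parse_apdus(payload: bytes):
    """Split a payload into APDUs; return a list of (format, Asdu or None)."""
    out, pos = [], 0
    while pos < len(payload):
        if payload[pos] != START_BYTE or pos + 2 > len(payload):
            raise ValueError("bad start byte or truncated header")
        length = payload[pos + 1]
        body = payload[pos + 2: pos + 2 + length]
        if length < 4 or len(body) != length:
            raise ValueError("bad APDU length")
        cf1 = body[0]
        if cf1 & 0x01 == 0:                 # I-format: 4 control octets + ASDU
            asdu = body[4:]
            if len(asdu) < 9:
                raise ValueError("ASDU too short")
            out.append(("I", Asdu(asdu[0], asdu[2] & 0x3F,
                                  int.from_bytes(asdu[4:6], "little"),
                                  int.from_bytes(asdu[6:9], "little"))))
        elif cf1 & 0x03 == 0x01:            # S-format: acknowledgement only
            out.append(("S", None))
        else:                               # U-format: STARTDT/STOPDT/TESTFR
            out.append(("U", None))
        pos += 2 + length
    return out


def evaluate(src: str, payload: bytes, rules) -> list:
    """One verdict per APDU. Unparseable or unlisted traffic is flagged, never ignored."""
    try:
        apdus = parse_apdus(payload)
    except ValueError as exc:
        return [f"ALERT malformed: {exc}"]
    known_sources = {r.src for r in rules}
    verdicts = []
    for kind, asdu in apdus:
        if src not in known_sources:
            verdicts.append("ALERT unknown source")
        elif kind != "I":
            verdicts.append("ALLOW link-control")
        elif any(r.permits(src, asdu) for r in rules):
            verdicts.append("ALLOW")
        else:
            verdicts.append(f"ALERT type={asdu.type_id} cot={asdu.cot} "
                            f"ca={asdu.common_addr} ioa={asdu.ioa}")
    return verdicts


def i_frame(type_id, cot, common_addr, ioa, element: bytes, ns=0, nr=0) -> bytes:
    """Build a constructed I-format APDU with one information object (sample input)."""
    asdu = (bytes([type_id, 0x01, cot, 0x00]) + common_addr.to_bytes(2, "little")
            + ioa.to_bytes(3, "little") + element)
    ctrl = (ns << 1).to_bytes(2, "little") + (nr << 1).to_bytes(2, "little")
    return bytes([START_BYTE, 4 + len(asdu)]) + ctrl + asdu


# Constructed sample policy and hosts
STARTDT_ACT = bytes([START_BYTE, 0x04, 0x07, 0x00, 0x00, 0x00])
CONTROL_CENTRE, MAINT_LAPTOP = "10.10.1.5", "10.20.7.33"
RULES = [
    Rule(CONTROL_CENTRE, C_IC_NA_1, COT_ACTIVATION, 12, 0, 0),
    Rule(CONTROL_CENTRE, C_SC_NA_1, COT_ACTIVATION, 12, 5000, 5010),
    Rule(MAINT_LAPTOP, C_IC_NA_1, COT_ACTIVATION, 12, 0, 0),
]

if __name__ == "__main__":
    samples = [
        (CONTROL_CENTRE, STARTDT_ACT + i_frame(C_IC_NA_1, 6, 12, 0, b"\x14")),
        (MAINT_LAPTOP, i_frame(C_DC_NA_1, 6, 12, 5003, b"\x02")),
    ]
    for src, pkt in samples:
        print(src, evaluate(src, pkt, RULES))
```

The check only produces verdicts, so it can run on a tap or mirror port without sitting in the path of time-critical traffic.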

Cybersecurity Approaches: Railway OT vs. Enterprise IT vs. Critical Infrastructure

| Parameter | Railway OT Systems | Enterprise IT Systems | Power Grid Critical Infrastructure | Aviation Systems | Best Practice Synthesis |
|---|---|---|---|---|---|
| Primary Security Objective | Safety integrity + availability | Confidentiality + integrity | Grid stability + availability | Flight safety + system integrity | Railway: safety must never be compromised for security or vice versa |
| System Lifecycle | 30–50 years (legacy compatible) | 3–7 years (rapid refresh) | 20–40 years (gradual modernization) | 25–30 years (certified components) | Railway: security controls must accommodate decades-long asset lifecycles |
| Real-Time Requirements | Sub-second for signaling; deterministic | Seconds to minutes acceptable | Milliseconds for protection relays | Microseconds for flight control | Railway: security overhead must not violate timing constraints of safety systems |
| Patch Management | Planned outages only; extensive regression testing | Regular automated updates | Scheduled maintenance windows | Certified updates only; rigorous validation | Railway: compensating controls essential where patching is infeasible |
| Incident Response Priority | Maintain safety fallback; preserve evidence | Contain breach; restore services | Prevent cascading failures; restore grid | Ensure flight safety; isolate affected systems | Railway: response playbooks must integrate with safety procedures and emergency protocols |
| Regulatory Oversight | ERA + national safety authorities + NIS2 | Data protection authorities + sectoral regulators | Energy regulators + NIS2 + NERC CIP (US) | Aviation safety authorities + ICAO standards | Railway: cybersecurity must satisfy both safety and security regulators through integrated assurance |
| Cross-Border Coordination | ERA cybersecurity network; TSI harmonization | GDPR + bilateral agreements | ENTSO-E coordination + regional agreements | ICAO + bilateral air service agreements | Railway: cybersecurity is inherently cross-border; harmonized standards and information sharing are essential |

Implementation Case Studies: Cybersecurity in Operational Practice

DB Systel’s Security Operations Center (SOC), established in 2021 and expanded in 2024, exemplifies railway-specific cybersecurity operations. Monitoring over 50,000 OT and IT assets across DB Netz, DB Fernverkehr, and DB Cargo, the SOC employs railway-tuned detection rules that distinguish legitimate operational commands from malicious activity. Key outcomes after three years of operation: mean time to detect cyber incidents decreased from 4.2 hours to 78 minutes; false positive rates for OT alerts dropped by 73% through protocol-aware analytics; and incident containment time improved to under 15 minutes for critical systems. Critical success factors included: hiring analysts with railway operations experience to interpret alerts; developing custom SIEM rules for ETCS, interlocking, and traction power protocols; and integrating cybersecurity monitoring with existing safety management systems to avoid alert fatigue. The SOC’s playbook library—covering scenarios from ransomware in corporate IT to false data injection in signaling—was referenced in ERA’s 2024 cybersecurity guidance for critical entities.

SNCF’s zero-trust remote access deployment, completed in 2023 across 15,000 maintenance endpoints, demonstrates how modern security architectures can accommodate railway operational constraints. The solution provides field technicians with secure access to OT systems for diagnostics and updates while enforcing strict access controls: multi-factor authentication via railway-issued tokens; just-in-time privileged access with session recording; and device posture validation before granting network access. Results: credential-based attack attempts decreased by 94%; maintenance workflow efficiency improved by 18% through streamlined access provisioning; and audit compliance simplified through centralized logging. Crucially, the deployment preserved fallback access methods for emergency scenarios—a requirement driven by safety regulations—while ensuring that fallback paths are monitored and logged. The project’s methodology—phased rollout starting with non-safety systems, extensive user training, and continuous feedback loops—was adopted by three other European railway operators through UIC knowledge sharing.

Lessons from incidents continue to refine practice. A 2022 phishing campaign targeting railway maintenance staff revealed that generic security awareness training was insufficient for OT contexts: staff could identify corporate email phishing but struggled with targeted attacks impersonating signaling vendors. The subsequent program revision introduced railway-specific scenarios: simulated phishing emails mimicking ETCS software updates, interlocking configuration changes, and traction power maintenance requests. Post-training assessments showed a 67% improvement in staff ability to identify OT-targeted phishing. This feedback loop—operational experience driving security program refinement—exemplifies the adaptive mindset required for railway cybersecurity.

Editor’s Analysis: Railway cybersecurity represents a profound engineering challenge: protecting systems where a successful attack could compromise not just data but physical safety, where legacy equipment cannot be easily replaced, and where operational continuity is non-negotiable. Its strength lies in integration—embedding security controls within safety arguments, aligning NIS2 compliance with RAMS processes, and designing defenses that respect real-time constraints. Yet the field’s greatest value may be cultural: by forcing collaboration between safety engineers, operations staff, and IT security teams, it breaks down silos that have historically impeded holistic risk management. However, challenges persist. The pace of adversary innovation—AI-powered attacks, supply chain compromises, zero-day exploits—often outstrips the railway industry’s conservative change management processes. Additionally, the global talent shortage in OT cybersecurity disproportionately impacts railways, which compete with better-resourced sectors for specialized skills. Looking ahead, emerging technologies offer both promise and peril: FRMCS will enable more secure communications but expands the attack surface; digital twins enable better threat modeling but introduce new data protection challenges; AI-driven detection improves accuracy but requires explainability for safety certification. But technology alone is insufficient: no algorithm compensates for inadequate governance, poor stakeholder coordination, or insufficient investment in foundational security hygiene. The enduring lesson is that railway cybersecurity is engineered, not purchased—requiring meticulous architecture, rigorous validation, and continuous adaptation. In an era of escalating cyber threats and increasing societal dependence on rail transport, that discipline is not optional; it is foundational to public trust and operational resilience.
— Railway News Editorial

Frequently Asked Questions

1. How does railway cybersecurity balance the competing demands of security, safety, and availability in safety-critical systems?

Railway cybersecurity balances security, safety, and availability through a risk-informed, defense-in-depth approach that prioritizes safety integrity while layering protective controls. First, safety-by-design: security controls are evaluated against safety cases to ensure they cannot introduce new failure modes or degrade existing safety functions—for example, encryption for ETCS messages must not add latency that violates timing requirements for movement authority updates. Second, graceful degradation: systems are designed with fail-safe fallback modes that maintain safety even if security controls are bypassed or fail; for instance, if a cyber incident compromises a Radio Block Center, trains can revert to trackside signals under degraded but safe operation. Third, compensating controls: where traditional security measures (e.g., frequent patching) are infeasible due to operational constraints, alternative protections are implemented—such as network segmentation to isolate legacy systems, protocol whitelisting to block unauthorized commands, or behavioral monitoring to detect anomalous activity. Crucially, this balance is formalized through integrated assurance processes: cybersecurity risk assessments feed into safety cases, security controls are validated through the same independent assessment bodies that certify safety functions, and incident response playbooks are coordinated with emergency procedures to ensure that security actions do not compromise safety. The EN 50701 standard, published in 2022, provides a framework for this integration by defining railway-specific cybersecurity requirements that align with the EN 50126 RAMS lifecycle. For engineers, this means security is not an add-on but a design parameter—every control must be evaluated not just for its security efficacy but for its impact on safety and availability. 
In safety-critical rail systems, that holistic perspective is not optional; it is foundational to public trust and regulatory compliance.
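The interaction described in this answer, where a security check rejects a message and the system stays in a safe state, can be shown with a receiver that enforces authentication, integrity and replay prevention and a supervisor that falls back when valid messages stop arriving. This is an added example, not the ETCS or EN 50159 wire format: the header layout, HMAC-SHA256 with a 16-byte tag, the identifiers and the time limits are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# Assumed header: source id, destination id, sequence number, timestamp in ms
HEADER = struct.Struct(">HHIQ")
TAG_LEN = 16  # truncated HMAC-SHA256 tag; the length is an assumption


def seal(key: bytes, src: int, dst: int, seq: int, ts_ms: int, payload: bytes) -> bytes:
    """Sender side: header + payload, followed by a MAC computed over both."""
    head = HEADER.pack(src, dst, seq, ts_ms)
    tag = hmac.new(key, head + payload, hashlib.sha256).digest()[:TAG_LEN]
    return head + payload + tag


class Receiver:
    """Accepts a frame only if it is authentic, addressed correctly, new and fresh."""

    def __init__(self, key: bytes, my_id: int, peer_id: int, max_age_ms: int):
        self.key, self.my_id, self.peer_id = key, my_id, peer_id
        self.max_age_ms = max_age_ms
        self.last_seq = -1

    def accept(self, frame: bytes, now_ms: int):
        """Return (payload, 'ok') or (None, reason). Never raises on bad input."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None, "malformed"
        head = frame[:HEADER.size]
        payload = frame[HEADER.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, head + payload, hashlib.sha256).digest()[:TAG_LEN]
        # Authenticate before interpreting any header field
        if not hmac.compare_digest(tag, expected):
            return None, "bad-mac"
        src, dst, seq, ts_ms = HEADER.unpack(head)
        if src != self.peer_id or dst != self.my_id:
            return None, "wrong-endpoint"
        if seq <= self.last_seq:
            return None, "replay-or-reorder"
        if abs(now_ms - ts_ms) > self.max_age_ms:
            return None, "stale"
        self.last_seq = seq
        return payload, "ok"


class LinkSupervisor:
    """Holds the last valid payload and drops to FALLBACK when the link goes quiet."""

    def __init__(self, receiver: Receiver, timeout_ms: int):
        self.rx = receiver
        self.timeout_ms = timeout_ms
        self.last_valid_ms = None
        self.current = None

    def on_frame(self, frame: bytes, now_ms: int) -> str:
        payload, reason = self.rx.accept(frame, now_ms)
        if payload is not None:
            # Only accepted frames refresh the timer or change the held payload
            self.last_valid_ms = now_ms
            self.current = payload
        return reason

    def state(self, now_ms: int) -> str:
        if self.last_valid_ms is None or now_ms - self.last_valid_ms > self.timeout_ms:
            self.current = None  # discard the held payload in the restrictive state
            return "FALLBACK"
        return "NORMAL"


if __name__ == "__main__":
    key = b"k" * 32  # constructed key for the demo only
    sup = LinkSupervisor(Receiver(key, my_id=2, peer_id=1, max_age_ms=500), timeout_ms=1000)
    frame = seal(key, 1, 2, 1, 1000, b"constructed-payload-1")
    print(sup.on_frame(frame, 1100), sup.state(1200))   # first delivery
    print(sup.on_frame(frame, 1400), sup.state(2200))   # replayed copy, then silence
```

Rejected frames never refresh the timer, so a stream of invalid or replayed traffic leads to the fallback state rather than keeping a stale payload alive.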

2. What specific challenges arise when applying enterprise cybersecurity controls to legacy railway OT systems?

Applying enterprise cybersecurity controls to legacy railway OT systems presents five interrelated challenges that require tailored solutions rather than direct transplantation. First, lifecycle mismatch: enterprise security tools assume regular patching and updates, but railway OT systems often operate for 30–50 years with minimal software changes due to safety certification requirements; this necessitates compensating controls like network segmentation and protocol monitoring rather than relying on vulnerability patching. Second, protocol constraints: legacy OT protocols like IEC 60870-5-104 or proprietary signaling interfaces lack built-in security features (authentication, encryption) and cannot be easily modified without recertification; security must therefore be implemented at network boundaries through gateways that validate and filter protocol traffic without disrupting real-time performance. Third, resource limitations: many legacy OT devices have constrained processing power and memory that cannot support modern security agents; lightweight monitoring via network taps or passive sensors becomes essential rather than host-based protection. Fourth, operational continuity: security controls must not impede emergency maintenance or degrade system performance; this requires extensive testing of security measures in operational environments and fallback procedures that maintain safety if security controls fail. Fifth, skills gap: OT security requires expertise in both cybersecurity and railway operations—a rare combination that necessitates cross-training programs and collaboration between IT security teams and operations engineers. 
The DB Netz legacy modernization program exemplifies best practice: rather than replacing legacy interlocking systems, they deployed protocol-aware intrusion detection at network boundaries, implemented strict access controls for maintenance interfaces, and established a dedicated OT security team with railway operations experience. For security architects, this means legacy OT security is not about applying enterprise playbooks but about engineering context-aware defenses that respect operational constraints while providing meaningful risk reduction.

3. How does the NIS2 Directive change cybersecurity obligations for railway operators, and what practical steps ensure compliance?

The EU NIS2 Directive, effective from October 2024, significantly expands cybersecurity obligations for railway operators designated as critical entities, introducing requirements that go beyond previous frameworks. First, risk management measures: operators must implement technical and organizational measures proportionate to risks, including policies on risk analysis, incident handling, business continuity, and supply chain security—documented in a cybersecurity management system aligned with ISO/IEC 27001 but adapted for OT contexts. Second, incident reporting: significant cyber incidents must be reported to national authorities within 24 hours of awareness, with an initial notification followed by a detailed report within 72 hours; this requires predefined incident classification criteria and streamlined reporting workflows that integrate with existing safety incident procedures. Third, supply chain security: operators must assess cybersecurity risks in their supply chains, requiring security clauses in contracts, vendor assessments, and monitoring of third-party access to critical systems—a particular challenge given the long lifecycles and global nature of railway supply chains. Fourth, governance and accountability: senior management must approve cybersecurity risk management measures and oversee their implementation, with personal liability for negligence in some member states; this elevates cybersecurity from an IT issue to a board-level priority. Practical compliance steps include: conducting a gap analysis against NIS2 requirements using the EN 50701 framework; integrating cybersecurity risk assessments into existing safety management systems per EN 50126; establishing a cross-functional cybersecurity governance committee with representation from operations, safety, IT, and legal; and investing in security operations capabilities tuned for railway OT environments. 
The ERA NIS2 implementation guidance, published in 2024, provides sector-specific interpretation to help operators navigate these requirements while maintaining alignment with railway safety regulations. For compliance teams, this means NIS2 is not a standalone obligation but a catalyst for maturing cybersecurity practices that are already aligned with railway safety culture.

4. What role does threat intelligence play in railway cybersecurity, and how can operators access relevant, actionable intelligence?

Threat intelligence is critical for proactive railway cybersecurity but requires adaptation to the sector’s unique threat landscape and operational constraints. Generic threat feeds often lack relevance: indicators of compromise targeting enterprise IT may not apply to OT protocols, and adversary tactics for financial systems differ from those targeting critical infrastructure. Railway-specific threat intelligence must address: adversary groups with interest in transport disruption; vulnerabilities in railway-specific protocols and equipment; and attack patterns that exploit the IT/OT convergence in modern rail systems. Access pathways include: first, sector-specific information sharing—ERA’s cybersecurity network facilitates anonymized incident sharing among European railway operators, while UIC’s cybersecurity working group develops sector-specific threat assessments and mitigation guidance. Second, critical infrastructure partnerships—national CSIRTs (Computer Security Incident Response Teams) and ENISA provide tailored intelligence for critical entities, including early warnings about campaigns targeting transport. Third, vendor collaboration—signaling and rolling stock manufacturers increasingly provide security advisories and vulnerability disclosures for their products, though transparency varies. Fourth, commercial threat intelligence providers—some specialize in industrial control systems or critical infrastructure, offering railway-tuned feeds, though cost and relevance must be evaluated. Crucially, intelligence must be operationalized: raw indicators are less valuable than contextualized analysis that answers “what does this mean for our specific systems?” and “what actions should we take?” This requires analysts with both cybersecurity and railway operations expertise who can translate intelligence into detection rules, patching priorities, or configuration changes. 
The DB Systel SOC exemplifies best practice: they maintain a dedicated threat intelligence function that curates railway-relevant feeds, validates indicators against their environment, and produces actionable briefings for operations teams. For security teams, this means threat intelligence is not about collecting more data but about focusing on relevant, contextualized insights that drive measurable risk reduction in railway-specific contexts.

5. How will emerging technologies like FRMCS, digital twins, and AI impact railway cybersecurity, and what preparations are needed?

Emerging technologies present both opportunities and challenges for railway cybersecurity, requiring proactive adaptation of security strategies. FRMCS (Future Railway Mobile Communication System), based on 5G, will replace GSM-R from 2025–2040, offering enhanced bandwidth and network slicing but expanding the attack surface through IP-based protocols and software-defined networking. Preparations include: adopting zero-trust architecture for FRMCS core networks; implementing network slicing isolation to prevent lateral movement between safety-critical and passenger services; and developing key management systems that scale to distributed, software-defined infrastructure. Digital twins—virtual models of physical assets fed by real-time sensor data—enable better threat modeling and incident response but introduce new risks: compromised sensor data could corrupt the twin, leading to incorrect operational decisions, while the twin itself becomes a high-value target for adversaries seeking to understand system vulnerabilities. Mitigations include: securing data pipelines with cryptographic integrity checks; implementing access controls that distinguish between read-only monitoring and write-access for simulation; and treating the digital twin as a critical asset requiring the same protection as physical systems. AI and machine learning offer promise for threat detection and anomaly identification but raise challenges for safety certification: AI models can be opaque (“black box”), making it difficult to demonstrate fail-safe behavior required for safety-critical systems. Preparations include: developing explainable AI techniques that provide auditable decision rationale; establishing validation frameworks that test AI systems against adversarial examples; and integrating AI outputs into human-in-the-loop decision processes where safety is at stake. 
Crucially, these technologies must be secured by design: cybersecurity requirements should be embedded in procurement specifications, architecture reviews, and testing protocols from the earliest stages of technology adoption. The ERA technology foresight program, updated annually, provides guidance on emerging technology risks and mitigation strategies for the European rail sector. For innovation teams, this means cybersecurity is not a barrier to adoption but a design principle—ensuring that new technologies enhance rather than undermine the safety, security, and resilience of railway operations.