Digitization is transforming rail and transit from its historic dependence on manual mechanics and human operators to a modern industry that’s now partially automated and increasingly interconnected. While successive waves of technology create immense benefits and new opportunities for owners and operators to transform their services, the speed of change and sheer complexity of rail and transit makes it one of the most challenging critical infrastructures to secure.

Specifically, the rapid convergence of operational technology (OT), information technology (IT) and the "Internet of Things" (IoT) across its highly dispersed infrastructure is creating potential new vulnerabilities which expose rail and transit networks to new risks, ranging from cyber-attacks to circumstantial accident risk.

Every journey starts with a single step. Are you ready to step up security for an interconnected world?

Technology convergence at speed and scale

Changing business models, cost pressures, aging assets and ever-increasing regulation are driving an irreversible convergence of core technologies within the modern rail infrastructure, enabling greater efficiencies, repeatability, scalability of operations at the front end, as well as smarter back office functions, cloud adoption and enhanced customer services.

Convergence also allows operators to harness drones and other autonomous or unmanned vehicles, biometric and other sensors, artificial intelligence (AI), robotic process automation (RPA), advanced video analytics and other innovations to optimize operations across their physical networks, assets and infrastructure.

Where rail networks once relied on people to respond, trains and network are increasingly reliant on interconnected devices "talking" to each other to run these operations.

Adopt a holistic approach for defense

To be effective in an increasingly interconnected and automated world, rail and transit security must be managed as an end-to-end holistic process and offer multi-layered defence, spanning conventional IT plus the growing OT and IoT/IIoT security risk domains, while recognizing the distinct characteristics of each.

Here are seven steps to strengthen security:

1. Create defense in depth

Adopt a multi-layered strategy laterally and vertically across the entire new technology stack/network. Multiple levels of digital defense and monitoring will detect risks before they become critical.

2. Address risk holistically

Ensure your enterprise security architecture addresses security risks holistically across the entire stack/network—including IT, OT, IoT/IIoT monitoring and the physical dimensions of technology solutions.

3. Incident response preparedness

Test and practice incident response plans on a regular basis to ensure you continue to be prepared and keep evolving your capabilities.

4. Secure connectivity and infrastructure

Review all connections between IT and OT ensuring data connections are risk assessed, secured and plugged into the monitoring capabilities, and build security through connected sensors.

5. Coordinate access control

Deploy new capabilities for stringent physical and digital identity and access controls to prevent unauthorized access and ensure that anomalies can be identified and acted upon immediately.

6. Embrace AI and RPA

Take advantage of rapid advances in AI, machine learning and RPA to create smarter ways to improve risk monitoring and management across the whole enterprise.

7. Futureproof new capabilities

Put security at the forefront when introducing new capabilities to the rail and transit network, from monitoring vehicles to adding new interactivity to passenger apps or ticket vending machines.

It’s vital to maintain a clear focus on the business context and understand that more than ever, security isn’t simply a technology problem, it’s a commercial imperative. But with the right approach, you can stay constantly prepared to keep your rail and transit networks moving and your business running smoothly.

About the Authors

Alden Cuddihey

Managing Director – Rail and Transit Global


Michael English

Managing Director – Rail and Transit NA


Pierre-Olivier Desmurs

Managing Director – Rail and Transit EALA


Claudio Bacalhau

Managing Director – Rail and Transit AAPAC


Kevin O’Brien

Senior Principal, NA – Security

MORE ON THIS TOPIC


Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter