A major European rail operator, with a rolling stock estate of more than 1,000 trains, carried out a fleet-wide cyber risk analysis. The review covered a mixed fleet environment, including older rolling stock and newer, more connected vehicles from five different train builders. 

The review identified that some risks could not be mitigated from wayside or central systems alone. Controls were needed inside the onboard environment. 

The operator required an onboard capability to separate systems, monitor network activity and control traffic between different areas of the train network. 

RazorSecure was selected to support these requirements through its Security Gateway and Intrusion Detection capabilities. The decision reflected both the required cyber security technology and RazorSecure’s deep understanding of rolling stock, train networks and the practical realities of integration in rail environments. 
 
The challenge

Rolling stock cyber security has to work within the realities of railway operation. 
Modern rolling stock includes onboard systems that support passenger service, operations, maintenance and communications. As fleets become more connected, operators need clearer control over how those systems interact. 

For this operator, the challenge was to introduce onboard network segmentation and other functions following IEC 62443 standards and methods in a way that worked across different rolling stock types. The solution had to fit rolling stock architecture, engineering change processes and long-term fleet maintenance requirements. 

What the operator needed

The operator needed a rolling stock specific cyber security capability that could: 

- separate different areas of the train network
- monitor onboard network activity
- control traffic between onboard systems
- support cyber security requirements across multiple fleets
- fit the engineering realities of rolling stock
- be maintained safely and practically over time

The requirement was technical, but the challenge was operational. The solution had to work on trains, across fleets and within rail processes. It could not be treated as a fit-and-forget cyber security product. 

Why RazorSecure

The operator selected RazorSecure after a formal European tender process.

RazorSecure’s Security Gateway capability met the requirement for onboard segmentation, security monitoring and control. The operator also needed a partner that understood rolling stock, not just cyber security. 

The project required rail knowledge, technical capability and integration experience. The technology had to work in complex train environments, not just in a generic IT network setting.

“RazorSecure brought the rail knowledge, technical capability and integration experience needed to make cyber security technology work in a complex train environment. This combined set of skills proved to be a crucial factor in our project success.” Project Manager, Major European Rail Operator

RazorSecure supported the operator as a technology provider and integration partner, helping the solution fit the train environment and wider programme requirements.
 
The solution

RazorSecure’s Security Gateway capability forms part of the operator's wider onboard cyber security programme.

The operator selected hardware that complied with local regulators' demands. RazorSecure integrated its Security Gateway solution on this hardware and supported the integration of that combined solution into the train network.

 

Security Gateway is designed to support network segregation and separation across onboard rolling stock architectures. In this project, it helps separate different areas of the onboard environment, monitor network activity and control how traffic moves between systems.

 

The integration also had to align with the operator’s rail engineering change processes, so the solution could be introduced in a controlled and practical way across different fleet types.


For the operator, the value was not only the Security Gateway capability itself. It was RazorSecure’s ability to help make that capability work in a complex train environment and across multiple fleet types.

 

Deployment at scale

RazorSecure’s Security Gateway capability forms part of a wider onboard cyber security programme set to span 450+ train sets and ~760 Security Gateway deployments.


Without a more standardised approach, the operator risked managing separate cyber security solutions across different rolling stock types. That would have added complexity for engineering, operations and cyber security teams.


By applying a common approach across multiple fleets, the operator is moving towards a more manageable model for onboard cyber security.

 

Outcomes

The programme is helping the operator strengthen cyber control across connected rolling stock. It helps the operator to:

- separate onboard systems across different areas of the train network 
- control traffic between systems 
- monitor activity within the onboard environment 
- reduce the complexity of managing separate cyber security approaches 
- apply a standardised model across multiple fleets 
- support long-term cyber security management across rolling stock 

The work is also shaping how the operator approaches future rolling stock requirements. Onboard segmentation, monitoring and control are becoming part of its wider expectations for connected rolling stock. 

Learn more at razorsecure.com/security-gateway