New architecture combines RazorSecure technology with Westermo switch-based intrusion detection and EKE-Electronics MVB expertise to improve cyber oversight across onboard train systems.

RazorSecure has launched The Secure Train, a rolling stock cyber security architecture designed to give operators, train builders and asset owners greater visibility and control across onboard networks, maintenance interfaces and train communication systems.

As the rail sector prepares for IEC 63452, it is important to have a clearer model of what good cyber security architecture looks like. The Secure Train is designed to support that direction of travel by bringing together visibility, zoning and secure maintenance in one architecture. 
 
The architecture brings together RazorSecure’s rail cyber security technologies with partner capabilities from Westermo and EKE-Electronics. It combines network segregation, onboard intrusion detection, secure maintenance access, switch-based intrusion detection and multifunction vehicle bus monitoring in a single framework for new-build and existing fleets.

Modern rolling stock includes a wide range of connected onboard systems and external access points. As connectivity increases, operators and asset owners need visibility not only of what is entering the train network, but also of what is happening within it.

The Secure Train has been developed to provide that visibility, helping identify unexpected activity, detect configuration changes, monitor traffic between onboard systems and control maintenance access throughout a train’s operational life. 

A key feature of the architecture is the deeper onboard visibility it can provide through a switch-based intrusion detection system using partner technology from Westermo. This extends monitoring beyond the main gateways and into internal onboard networks, helping customers detect unexpected activity and configuration changes deeper within the train environment. 

Westermo, a global provider of industrial data communications solutions for the rail and energy sectors, supports this switch-based detection approach, helping bring integrated hardware and software capability together within The Secure Train. 

The Secure Train also extends visibility into the multifunction vehicle bus, or MVB, through EKE-Electronics technology within the architecture. By combining EKE-Trainnet® MVB monitoring with RazorSecure intrusion detection, it gives greater insight into onboard systems that support vital operational functions.

Customers can adopt the full Secure Train architecture or deploy the elements that fit their fleet and operating requirements. Used together, these elements provide a stronger overall cyber security architecture across the train. Deployed separately, they can still strengthen cyber security in targeted areas of the onboard environment.
 
The Secure Train supports both software-led and hardware-enforced deployment. Fleets seeking broader visibility with minimal additional hardware can use rail-specific switch-based intrusion detection on existing onboard infrastructure where appropriate. Fleets that require stronger enforcement and auditability can also incorporate dedicated technologies including RazorSecure’s Security Gateway and Digital Maintenance Gateway, alongside MVB intrusion detection.
 
RazorSecure’s Security Gateway is designed to enforce separation between external, passenger and operational onboard networks. Its Digital Maintenance Gateway provides controlled maintenance access through individual user credentials, audited activity and secure software update processes. RazorSecure Delta provides intrusion detection across onboard environments, while Echo supports broader operational and asset visibility.
 
Alex Cowan, CEO at RazorSecure, said: 

“Cyber security in rolling stock has focused on controlling access at the edge. That still matters, but the real gap is visibility across onboard systems and networks. The Secure Train is built to close that gap and bring together the controls customers need to secure the train as a connected system.”

The Secure Train is intended for both new-build and existing rolling stock. For train builders, it provides a framework for embedding cyber security into vehicle design from the outset. For operators and asset owners, it supports improved onboard visibility, stronger control of maintenance activity and more consistent cyber security management across fleets.
