
Rail Tech Security Platform: Minimizes Operations Risk and Maximizes Resilience

Shahaf Rozanski
VP Product
CylusOne Rail Tech Security Platform, delivering real-time asset visibility, threat detection, and response capabilities across heterogeneous operational Rail Tech environments.

Cylus, the global leader in rail cybersecurity, today announced expansions in the scope and capabilities of its CylusOne Rail Tech Security Platform, which delivers real-time asset visibility, threat detection, and response capabilities across heterogeneous operational rail technology (Rail Tech) environments. CylusOne helps rail operators minimize risk, improve cybersecurity, and demonstrate regulatory compliance while reducing manual workloads.

Rail executives and Boards are asking tough questions about Rail Tech risks and resilience, and CISOs are looking for more holistic, rail-specific approaches that both protect the business and enable its growth. Cylus is innovating and expanding the capabilities of the CylusOne platform to meet today’s rail security challenges, creating the new, expanded Rail Tech Security Platform category.

Building on the already robust CylusOne platform, we have expanded its scope to protect the entire operational Rail Tech environment, added even deeper levels of rail context, added new risk management capabilities that help rail operators improve their Rail Tech security postures, and expanded integrations with the existing ecosystem of rail operator cybersecurity, operations, and maintenance tools. Below is more detail on each.

Expanded Support for the Operational Rail Tech Environment – The CylusOne Rail Tech Security Platform now supports the full Rail Tech environment and a host of new operations use cases beyond cybersecurity alone.

  • Support for New Rail Tech Systems and Use Cases – Cylus has expanded the scope of the platform to protect the entire operational Rail Tech environment including signaling, command and control, auxiliary, comfort, and public applications in rolling stock networks, trackside / wayside networks, T2G communications, operational control and maintenance centers, and station networks.

Deeper Levels of Rail Context – The CylusOne Rail Tech Security Platform provides unmatched rail asset and communications context essential to help both cybersecurity and rail operations personnel better understand the information provided.

  • New Asset Discovery and Classification Capabilities – In addition to the previous CylusOne ability to classify assets by their rail function or application (e.g., ATP, ATO, interlocking) and by rail application-level identifiers such as TCS, interlocking, CBTC protocol identifiers, and safety protocol identifiers, CylusOne now also records unique rail attributes such as train number, car ID, speed, geolocation, last balise encountered, and safety integrity level rating. CylusOne can also discover assets on both IP and non-IP networks (e.g., collecting an RBC’s SCI ID from the IP network and its MSISDN from the cellular (GSM-R) network).
  • Rail-Specific Response Playbooks and Mitigation Guidance – Following the detection of any cybersecurity threat, CylusOne provides customers with tools and guidelines to investigate and mitigate the identified threat. Mitigation instructions are attached to each alert. Instructions can be customized to be even more tailored for the specific rail environment in which CylusOne is deployed. Root causes of abnormal behavior are attached to each alert for a quick understanding of the problem. CylusOne presents a detailed view of all the events and messages in a user-friendly format, along with powerful filters based on IP or railway properties. The mitigation instructions in CylusOne are built to “speak” in the rail operational language, to enable operators to understand and act upon an alert.
  • Forensics and PCAP Capture – To investigate threats and alerts customers may need access to the actual network traffic that generated the alert. CylusOne supports the capture and download of PCAP files containing raw forensic data of suspicious traffic that took place immediately before and after an alert was triggered. Users are also able to initiate network recording for a specific asset and further analyze all traffic generated to and from the asset.
  • MITRE for Rail Mappings – Cylus has developed a rail-specific mapping of alerts to the MITRE ICS ATT&CK framework. Each alert generated by the CylusOne platform is mapped to a specific MITRE ICS ATT&CK technique and tactic, making it easier to quickly understand the nature of the attack and to possibly forecast an adversary's next steps.

New Risk Management Capabilities – The CylusOne Rail Tech Security Platform includes new capabilities helping rail operators improve their Rail Tech security postures.

  • Vulnerability Management – CylusOne identifies vulnerable assets within a customer's rail network using multiple sources, enabling customers to quickly identify their vulnerable Rail Tech assets. Vulnerabilities are prioritized based on the vulnerability severity and the customer-specific rail environment by analyzing the attack vector and complexity, the potential impacts on confidentiality, integrity, and availability, the scope, and the actions required to exploit the vulnerability. In many cases CylusOne also functions as a compensating control or countermeasure, helping to detect and protect against exploit attempts within the Rail Tech environment with detection rules and policies created specifically for known vulnerability exploits.
  • Security Posture Monitoring – The CylusOne Security Posture report is used to indicate the security status of the railway network and its information resources. CylusOne provides customer cybersecurity teams with up-to-date information on security gaps found in the network and how to mitigate them. These security gaps are based on both IT and OT best practices (e.g., the use of old and vulnerable versions of a given protocol, identifying assets communicating directly with the Internet, the use of clear text passwords, etc.).
  • Expanded Threat Intelligence – The CylusOne continuous threat intelligence feed was expanded to provide detection rules and mitigations for the latest known threats including threats and vulnerabilities to specific Rail Tech systems such as ERTMS, CBTC, PTC, and proprietary vendor technologies. The Cylus Research Team is evaluating additional intelligence to provide Cylus’ customers with even earlier warnings about possible threat actor intentions and campaigns.

Expanded Integrations into the Existing Ecosystem of Tools – The CylusOne Rail Tech Security Platform now integrates with even more existing customer systems.

  • New Vendor / Product Integrations – CylusOne platform cybersecurity integrations now include SIEM, firewalls / next-gen firewalls, native probe integration running on network equipment and firewalls, service management and ticketing systems, identity management and single sign-on solutions, rail maintenance systems, and location services. These integrations speed the deployment of CylusOne into existing infrastructure, shorten time to value for customers, make alert investigations and remediations easier, and allow cybersecurity and operations teams to work more closely from a single data source.

Delivering New and Unmatched Value

Rail operators, rail integrators, and global service providers trust Cylus to provide broad Rail Tech visibility and cybersecurity innovations to ensure safe and reliable operations. As cyber threats increase and rail leaders demand greater support to address rail tech security, Cylus’ mission to lead rail transport to a cyber-secure future continues to evolve. We are committed to supporting our current and future customers with a holistic and integrated Rail Tech Security Platform that helps them protect their strategic rail operations assets.

Originally published May 22, 2023, updated May 22, 2023.
