Railways have long been a presence in mainstream media, from songs to the big screen; they're a symbol of movement, connection, and human ingenuity. But in recent years, television thrillers have turned them into digital battlegrounds. High-stakes plots now feature hackers taking control of trains, and while the stories are fictional, the vulnerabilities that inspire them are rooted in reality.

Rail Hacks on Screen

Zero Day (2025)

In Zero Day, starring Robert De Niro, a sweeping cyberattack cripples the United States, shutting down power, communications, and transport. Trains are caught in the fallout: signals fail, crossings go dark, and collisions unfold as if the railways themselves had been hacked. The series stops short of showing attackers directly at the throttle, but the outcome mirrors the same danger, a cyber-induced loss of control that turns rail into a weapon of chaos. It’s a dramatized scenario, but manages to depict the national-security stakes of cyber resilience, especially when the digital lifelines that keep trains safe and on time are severed.

Nightsleeper (2024)

In Nightsleeper, what begins as a routine overnight journey from Glasgow to London quickly turns into chaos when the train stops responding to its crew. Hackers have seized control of the systems remotely, a “hack-jacking,” as the series coins it, leaving no driver in command. Passengers find themselves trapped on a runaway train, while the UK’s National Cyber Security Centre races to outwit the attackers. The suspense escalates as human drama inside the carriages collides with a high-stakes digital battle in the control room, showing just how fast a cyber intrusion could spiral into a real-world crisis.

Liaison (2023)

In this Franco-British political thriller, cyberattacks ripple across critical infrastructure, with rail systems becoming one of the most visible casualties. Hackers infiltrate signaling and control networks, culminating in a devastating crash that shakes public confidence. While scripted for suspense, the storyline reflects a real concern. Modern railways run on deeply interconnected IT and OT networks, and this overlap creates genuine vulnerabilities.

From Fiction to Reality: What We’ve Already Seen

While these shows may exaggerate for drama, recent cyberattacks against railways prove the risks are far from fiction. In the past two years alone, incidents around the world have disrupted operations, exposed vulnerabilities, and highlighted just how real these threats have become.

• Ukraine (March 2025) – Ukraine’s state railway was hit with a major cyberattack that shut down online ticketing and freight systems. Staff were forced back to paper processes, and weeks later, only half of its IT services had been restored.
  ‍
• United States (Known Since 2012, Advisory in 2025) – A flaw in the End‑of‑Train/Head‑of‑Train (EoT/HoT) wireless braking protocol has existed since at least 2012. Because of weak BCH checksums and no encryption, an attacker with under $500 in SDR equipment could mimic brake commands remotely. Fixes are slated for full deployment by 2027.
  
  
• Pittsburgh Regional Transit (December 2024) – A ransomware attack disrupted light-rail dispatch systems, delayed trains, and exposed personal data of employees and job applicants. Ticketing functions were slowed, some services went offline, and the agency had to launch a large-scale recovery effort.
  
  
• United Kingdom (September 2024) – Offensive content was pushed onto public Wi-Fi at 19 major stations, including London Euston and Glasgow, by an insider at a contracted provider. Services weren’t stopped, but public trust took a hit, and insider risk was thrown into the spotlight.
  
  
• Poland (August 2023) – More than 20 trains were abruptly halted when someone broadcast fake “radio-stop” signals using cheap, off-the-shelf equipment (as little as $30). The unencrypted analog VHF system made stops easy to trigger from hundreds of meters away; security experts warned that this vulnerability was well-known. Though no injuries occurred, the incident highlighted outdated rail communication systems.

Why It Matters

On TV, a crisis is wrapped up in an hour. In reality, recovery takes time, resources, and coordinated effort across teams. The recent incidents in Europe and North America show that rail cyberattacks are not abstract risks; they’ve already disrupted services, exposed sensitive data, and stressed critical operations. It’s no coincidence that rail cybersecurity is becoming a popular theme in fiction, when something captures the public imagination, it often means real attackers are already exploring similar possibilities.

The encouraging part is that operators and suppliers are steadily strengthening defenses, implementing secure-by-design systems, improving monitoring, and gaining clearer visibility into their rail networks so that these incidents remain the exception, not the rule.

‍