Case Study

Bridging the Gap Between Cybersecurity and Rail Operations with Cylus and Thales


Large State-Owned Infrastructure Manager
Automated Real-Time Asset Visibility of Signaling Infrastructure and Auxiliary Application
Demonstrating Compliance with Cybersecurity Requirements
Proactively Addressing Rail Technology Cybersecurity Needs

The Customer

The customer is one of Europe’s most prominent rail companies with a system length of approximately 12,000 km (7,450 mi) and 1,500 stations supporting over 1.7M trains in circulation annually. The customer is focused on being at the forefront in maintaining the role played by new rail technologies.

Their corporate vision is to be a benchmark as an organization focused on managing reliable, sustainable, safe, and intelligent infrastructures that contribute to the new model of ecological transition. And their mission is to operate, manage and build a smart rail network adapted to the new, competitive and sustainable technological ecosystem, thus contributing to the sustainable development goals (SDGs).

The Cylus team are experts in bringing together two very different technology domains - cybersecurity and rail operations technology. And it is this expertise that has allowed them to build CylusOne, a completely optimized cybersecurity platform to protect rail tech applications including those most critical to resilient and safe operations.
Agustín Solís Pila, Business Development Cybersecurity at Thales

The Challenges

The project originated in early 2021 with a cybersecurity risk assessment conducted on the customer’s existing trackside signaling infrastructure. As a result of the risk assessment, the customer and their rail integrator for signaling, Thales, began to investigate cybersecurity solutions for their rail-specific technology environment.

From the beginning, the two key drivers for this joint project were:

  • Demonstrating compliance with the customer’s cybersecurity requirements, including NIS directives.
  • Providing asset inventory and network visibility across their widely distributed rail infrastructure network with thousands of rail-specific assets and applications. There was also a requirement to identify and report on rail asset type and asset function.

Additional requirements that arose during the project included support of auxiliary systems, including the CCTV and VoIP applications, and integration support with the customer’s IBM QRadar security information and event management (SIEM) solution.


The Solution

As an initial step in the project in September 2021, Cylus was asked to validate the CylusOne rail technology security platform in Thales’ technology lab. Upon successfully completing this validation, the customer outlined an initial, limited project deployment in the live trackside network in late September 2021. The design layout of the project, shown in the image below, included a non-intrusive virtual (VMware ESXi) network probe to monitor the multi-vendor trackside network, covering the multiple signaling channels and supporting the auxiliary CCTV and VoIP applications.

CylusOne security platform deployment

The initial deployment was designed to run continuously for three months. It also included monitoring for cybersecurity anomalies using external threat intelligence from Cylus research labs, as well as integration into the customer’s SIEM solution.

The customer's initial deployment success criteria included:

  • Real-time asset visibility in a live trackside network.
  • Visibility of unknown assets.
  • The creation of network security zones according to TS-50701.
  • Automated virtual segmentation and policy creation.
  • Demonstrated regulatory compliance.
  • Demonstrated real-time security threat detection in a live rail-specific network.

The major rail technology security outcomes resulting from the deployment of CylusOne in the customer’s signaling infrastructure included:

  1. Successfully demonstrating the simple deployment of a non-intrusive cybersecurity solution in a live, legacy trackside network.
  2. Protecting both the rail safety-critical infrastructure (signaling applications) and other auxiliary systems (CCTV and VoIP applications).
  3. Providing network and asset visibility with deep rail context and intelligence for the identified systems.
  4. Demonstrating cybersecurity use cases that helped bridge the customer’s security and operations teams.


At the successful conclusion of this initial project, Amir Levintal, CEO and Co-Founder at Cylus, and Agustín Solís Pila, Business Development Cybersecurity at Thales, presented a joint case study at Rail Live 2022. The presentation, titled “Cylus and Thales - Bridging the Gap Between Cybersecurity and Rail Operations,” offered a view into the collaborative project the companies are partnering on for one of Europe's most prominent rail companies to protect its signaling system.

Thales and Cylus discuss the joint cybersecurity project at Rail Live 2022
The Cylus team successfully delivered against every success criterion we defined for this trackside signaling infrastructure cybersecurity project. Our organization is extremely pleased with the outcomes.
Head of Maintenance
