BY SySTem

Operating ERTMS Across National Rail Networks

ERTMS enables interoperable rail operations by standardizing train control (ETCS) and supervision across borders. With onboard, wayside, radio, and control systems tightly integrated, cybersecurity must protect interoperability and system integrity without disrupting certified operation or cross-border service.

Get a Demo
Challenges

The Main Challenges in Securing ERTMS Systems

ERTMS environments span multiple organizations and jurisdictions

Trains with EVCs (European Vital Computers), trackside RBCs, and GSM-R networks are often operated and maintained by different entities. This shared responsibility increases exposure and makes it difficult to assess risk or attribute anomalous behavior without a unified system view.

ERTMS operation is governed by strict standards and certification

Safety cases and UNISIG Subset-026 requirements limit the use of intrusive security controls. Security measures must respect standardized interfaces and certified configurations while still providing assurance across the system.

Operational behavior varies by level, mode, and geography

ERTMS systems behave differently depending on deployment (Level 1: Eurobalises only; Level 2: Euroradio or hybrid), operational mode, and national implementation. Differentiating expected variation from abnormal system behavior requires awareness of how ERTMS operates across lines, borders, and service conditions.

OUR Solution

How CylusOne Secures ERTMS Systems

Passive Observation Across Standardized ERTMS Interfaces

CylusOne secures ERTMS systems by passively monitoring communications across OBUs (EVC), RBCs, GSM-R/Euroradio, and control centers. It establishes an operational baseline that reflects real ERTMS behavior across different levels and operational modes, without interfering with standardized interfaces or certified configurations. CylusOne threat detection for ERTMS focuses on validating the Euroradio session layer and ensuring that RBC↔EVC exchanges align with UNISIG Subset-026 exchanges via balises. Monitoring balise telegram patterns and balise inventory consistency adds an additional integrity layer.

Detecting Anomalies While Preserving Interoperability


CylusOne identifies deviations in ERTMS communications and system interactions that may indicate cyber risk, misconfiguration, or unintended change. Focusing on how standardized components interact in practice helps teams investigate anomalies while preserving interoperability and compliance with ERTMS standards.

Coordinated, Rail-Safe Response Across Organizational Boundaries

CylusOne supports rail-safe response across complex ERTMS environments by providing system-level context that spans organizational and geographic boundaries. This enables coordinated assessment and decision-making among infrastructure managers, operators, and security teams, helping to contain risk while maintaining cross-border service continuity and system integrity.

Learn More about CylusOne
for all kind

Securing All Rail-Specific Systems

CBTC
PTC
Computer-Based Interlocking
Rolling Stock
Power Supply
CCTV
Station Building Management Systems

Extended Resources

Whitepaper
The Rail Cybersecurity Landscape in 2025
On-Demand Webinar
Securing the Tracks: Cybersecurity and Innovation in North America's Rail Industry
On-Demand Webinar
The Road to IEC 63452: Standardizing Rail Cybersecurity
More from our blog

Ready to protect your rail?

Our specialists will help you back on track

Talk with an Expert

Extended Resources

Whitepaper

The Rail Cybersecurity Landscape in 2025

On-Demand Webinar

Securing the Tracks: Cybersecurity and Innovation in North America's Rail Industry

Cylus: Cybersecurity Purpose-Built for Rail

CylusOne × Google SecOps