Managing CBTC Without Disruption
Communications-Based Train Control (CBTC) systems rely on continuous, deterministic communication among onboard (Vehicle On-Board Controller, VOBC), wayside (Zone Controller, ZC), and control-center (Automatic Train Supervision, ATS) components to deliver safe, high-capacity rail service. Because CBTC environments are safety-certified and tightly coupled, cybersecurity must protect system integrity without interfering with automated behavior or operational performance.
The Main Challenges in Securing CBTC Systems
CBTC systems depend on real-time communication
Movement authority, train separation, and supervision are driven by constant data exchange over the DCS (Data Communication System). Any disruption, delay, or unexpected behavior in these communication paths can affect system-wide performance and safety margins.
Traditional security techniques conflict with safety certification
Active scanning of safety-critical components such as Automatic Train Protection (ATP), intrusive monitoring, or rapid configuration changes can violate safety cases and certification constraints. This limits the tools available to security teams and makes it difficult to gain assurance without introducing operational risk.
Normal CBTC behavior changes dynamically during operations
CBTC systems adjust constantly to dwell times, degraded modes, recovery scenarios, and service patterns, changing the traffic profile on the backbone network. Distinguishing between expected operational variation and anomalous system behavior requires a deep understanding of CBTC communication flows and control logic.
How CylusOne Secures CBTC Systems
Observing CBTC Without System Interference
CylusOne provides passive, non-intrusive monitoring with Deep Packet Inspection (DPI) for proprietary CBTC protocol flows to validate the integrity of CBTC communications. Assessing traffic between Zone Controllers (ZC) and VOBC ensures that Movement Authority (MA) messages or limit-of-movement commands are legitimate.
Separating System Change from Cyber Risk
CylusOne identifies deviations in CBTC communication and control behavior that may indicate cyber risk or unintended system changes. Focusing on system-level interactions rather than generic indicators helps teams investigate anomalies while preserving deterministic timing, certified behavior, and automated control. CylusOne also detects anomalies in network metrics by analyzing DCS traffic to identify signs of potential attacks.
Decision-Making for Live CBTC Operations
CylusOne supports rail-safe response for CBTC systems by providing operational context that enables careful, informed decision-making. Instead of forcing immediate intervention, it helps teams assess scope and impact, coordinate across security and engineering functions, and protect system integrity while maintaining capacity, headways, and safety assurance.