BY SySTem

Securing Rolling Stock Across Mixed Fleets

Rolling stock environments span onboard control, communications, diagnostics, and passenger systems across diverse fleets and generations. Consistent protection across onboard systems is required as fleets evolve.

Get a Demo
Challenges

The Main Challenges in Securing Rolling Stock

Rolling stock fleets are inherently heterogeneous

A single operator may run vehicles from different manufacturers, with varying onboard architectures, protocols, and upgrade cycles. This diversity makes it difficult to apply consistent security controls or gain a unified understanding of onboard system behavior.

Onboard systems interact continuously with ground infrastructure

Rolling stock communicates with signaling, control centers, depots, and maintenance systems via a mix of wired and wireless links, such as Wi-Fi and LTE. These interactions expand the attack surface and make it harder to understand how onboard behavior changes across routes, depots, and operational modes.

Security approaches cannot depend on vendor-specific integration

Proprietary tools and embedded security features vary widely across suppliers and fleet generations. Relying on vendor-specific access limits coverage and creates gaps as fleets evolve or new vehicles are introduced.

OUR Solution

How CylusOne Secures Rolling Stock

Vendor-Agnostic Insight Across Onboard Communications

CylusOne secures rolling stock through vendor-agnostic monitoring of onboard communications (including protocols like TRDP, IPTCom, CIP…) across the train backbone / consist networks, plus train-to-ground interactions, building visibility across TCMS, passengers-facing systems, and onboard subsystems without requiring invasive agents or OEM-specific integration. Observing how onboard components communicate, regardless of manufacturer, enables a consistent operational baseline across mixed fleets without requiring changes to onboard configurations.

Detecting Risk in Onboard and Train-to-Ground Interactions

CylusOne identifies anomalous onboard behavior that may indicate cyber risk, misconfiguration, or unintended lateral movement from PIS/PACIS to safety-critical subsystems or VCUs (Vehicle Control Units). By focusing on communication patterns and system relationships rather than proprietary internals, it enables investigation across fleets without being tied to a specific supplier or vehicle model.

Rail-Safe Protection of Onboard System Integrity

CylusOne supports rail-safe response for rolling stock environments by providing context that spans onboard, depot, and operational interfaces. This helps teams assess impact, coordinate action across stakeholders, and protect onboard system integrity while keeping trains in service.

Learn More about CylusOne
for all kind

Securing All Rail-Specific Systems

CBTC
ERTMS
PTC
Computer-Based Interlocking
Power Supply
CCTV
Station Building Management Systems

Extended Resources

Whitepaper
The Rail Cybersecurity Landscape in 2025
On-Demand Webinar
Securing the Tracks: Cybersecurity and Innovation in North America's Rail Industry
On-Demand Webinar
The Road to IEC 63452: Standardizing Rail Cybersecurity
More from our blog

Ready to protect your rail?

Our specialists will help you back on track

Talk with an Expert

Extended Resources

Whitepaper

The Rail Cybersecurity Landscape in 2025

On-Demand Webinar

Securing the Tracks: Cybersecurity and Innovation in North America's Rail Industry

Cylus: Cybersecurity Purpose-Built for Rail

CylusOne × Google SecOps