Next Article in Journal
Regulating Cyberworthiness: Governance Frameworks for Safety-Critical Cyber-Physical Systems
Previous Article in Journal
How Rituals Can Contribute to Co-Governance: Evidence from the Reconstruction of Water Pipes of Old Housing Estates in Shanghai
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Systems
Volume 13
Issue 10
10.3390/systems13100861
systems-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd.

by
Liang-Sheng Hsiao
1,
I-Long Lin
1,
Chi-Jan Huang
2,* and
Hsiang-Te Liu
3
1
Department of Computer Science and Information Engineering, Tatung University, Taipei 104327, Taiwan
2
General Education Center, Ming Chuan University, Taipei 111013, Taiwan
3
Department of Public Affairs and Administration, Ming Chuan University, Taoyuan 333321, Taiwan
*
Author to whom correspondence should be addressed.
Systems 2025, 13(10), 861; https://doi.org/10.3390/systems13100861
Submission received: 29 August 2025 / Revised: 16 September 2025 / Accepted: 26 September 2025 / Published: 29 September 2025
Browse Figures
Versions Notes

Abstract

The present study investigated factors influencing cybersecurity in railway critical infrastructure by identifying relevant factors and criteria and then prioritizing them in order of importance. To address the lack of multi-criteria analysis in previous studies on this topic, the present study applied the analytical hierarchy process to identify factors and criteria influencing cybersecurity and then selected the top 70% of influencing criteria to serve as a reference for railway cybersecurity project management. A total of 25 valid expert questionnaires were collected for weight vector analysis, revealing that the influencing criteria in the top 70% were inability to monitor train occupancy in track sections (locations); inability of controllers to issue commands to safety control systems; inability to provide drivers with information on upcoming signals, block status, and train occupancy; failure to automatically apply brakes when the train exceeds the speed limit; increased risk of catastrophic accidents due to power system security vulnerabilities; and inability of the dispatching system to automatically track train numbers.

1. Introduction

Technologies such as artificial intelligence (AI), blockchains, and the Internet of Things (IoT) have converged to drive the next wave of the digital revolution. When integrated into critical infrastructure (CI), these technologies have the potential to improve quality of life and enhance national productivity and economic growth [1,2]. However, CI remains vulnerable to both human-caused disruptions and natural disasters. Damage to these systems can severely impact governmental and societal functions, leading to casualties, property loss, economic downturns, environmental degradation, and broader threats to national security and interests [3,4,5,6]. CI can be classified into eight major sectors based on functional attributes: energy, water resources, communications, transportation, finance, emergency services and healthcare, government institutions, and science and industrial parks [7]. These infrastructures are not only vital to public welfare but also play a pivotal role in maintaining economic stability and national sovereignty [8,9]. Moreover, the dependencies and interdependencies among different types of infrastructure can lead to cascading effects [10]. Taiwan Railway Corporation, Ltd. (TRC) is the earliest-developed and most historically established railway infrastructure operator in Taiwan. Until the entry of Taiwan High Speed Rail Corporation (THSRC) in 2007, TRC remained the sole provider of railway services in the country. Owing to its long operational history, TRC now faces the dual challenges of legacy infrastructure modernization and increasing susceptibility to disruption from emerging digital technologies. TRC primarily serves medium- and short-distance passenger routes, whereas THSRC focuses on medium- and long-distance transportation. In terms of ridership, TRC handles approximately twice the passenger volume of THSRC.
The present study focused on issues of information integration and cybersecurity management within TRC. TRC was preceded by the Taiwan Railways Administration (TRA), which is better known as “Taiwan Railway”. Throughout its 138-year history, Taiwan Railway has played a foundational role in Taiwan’s development and achieved marked improvements in ridership and passenger service quality. In particular, its information and communication systems have gradually evolved toward greater digitization and integration [11]. TRC’s operational systems encompass several core subsystems, including train control, signal communications, station dispatching, information and communication technology networks, and maintenance facilities. These systems are critical to Taiwan’s daily commuter traffic and freight logistics. However, as system complexity increases, so too do associated cybersecurity risks [12]. In recent years, TRC has experienced incidents involving communication failures, dispatching errors, and cybersecurity breaches. These events have not only disrupted operations and safety but also significantly impacted the public’s daily lives [13]. Despite the growing importance of these issues, studies examining the cybersecurity aspects of railway safety remain limited; therefore, the present study aimed to analyze the cybersecurity risks facing TRC in the context of digital transformation and to identify key influencing factors. In addition to evaluating the relative importance of these factors, the researcher team further proposed the development of a cybersecurity checklist to serve as a reference for railway administrators in establishing CI network security.

1.1. CI and Cybersecurity

In 2024, the frequency of global cyberattacks surged dramatically. On average, organizations faced 1308 cyberattacks per week during Q1 alone [14], representing a 28% increase compared to Q4 of 2023. Notably, high-impact attacks targeting CI rose by 140% during this period [15]. As such, protecting CI from cyber threats has become an increasingly urgent priority. In the face of escalating cyber risks, enhancing cyber resilience in CI systems is essential [16]. The ultimate goal of cyber resilience is to ensure that digital infrastructure continues to support innovation and functionality under adverse conditions [17]. For railway systems in particular, cyber resilience has become especially vital.
The growing integration of IoT technologies, such as energy distribution networks, into CI has led to significant improvements in continuous monitoring, operational efficiency, and service delivery [18]. However, because railway systems rely heavily on electric power to support their full range of operational functions, their power systems also represent a potential point of vulnerability for cyberattacks. Establishing measurable cyber resilience indicators for CI is a key step toward protecting increasingly interconnected systems from sophisticated cyberattacks [19]. Cybersecurity vulnerabilities in railway systems may lead to cascading failures that cripple the overall transportation network [20]; however, human error is also widely recognized as one of the primary causes of cybersecurity incidents [21]. Railway infrastructure increasingly leverages IoT devices, sensors, software, and automation technologies to collect and monitor safety-related data. When such infrastructure is targeted by cyberattacks, these safety detection systems may be rendered ineffective—resulting in a greater risk of traffic accidents and even casualties.

1.2. CI and Analytical Hierarchy Process-Based Analytical Studies

Numerous studies have applied the analytical hierarchy process (AHP) to CI issues, and AHP is widely acknowledged as a suitable method for establishing prioritization within infrastructure management. He et al. [22] conducted an AHP-based landslide susceptibility assessment to evaluate threats to railway safety and operational sustainability; the study revealed that high-risk zones are strongly associated with mountainous terrain, high-precipitation areas, and regions with concentrated populations and economic activity—factors that critically affect railway infrastructure. Panchal et al. [23] developed a landslide hazard map along National Highway 5 using AHP-derived weightings combined with the Weighted Linear Combination technique, overlaying causal factor layers to generate a spatial risk map. Abuzwidah et al. [24] utilized AHP to systematically analyze how climate change variables influence transportation networks. Al-Barqawi et al. [25] developed an integrated model and framework combining AHP with artificial neural networks to prioritize watermain renewal within the water distribution system. Piratla et al. [26] applied AHP to determine the renewal prioritization of culverts. Udie et al. [27] explored how extreme weather events impose varying degrees of stress on critical oil and gas infrastructure; through the use of AHP, they conducted vulnerability assessments to support management strategies for climate adaptation in these infrastructure systems.
Previous AHP studies on railway critical infrastructure have included landslide susceptibility assessment, the high rainfall factor, and the impact assessment of extreme climate change. These studies mostly focus on the impact of the external environment on railway transportation. Our study, however, specifically conducts a risk assessment analysis on the information security of the railway’s internal systems, including the railway radio dispatching system, the centralized traffic control system, the automatic train protection system, and the power system. This approach differs from past research and represents a key contribution of this study.

2. Materials and Methods

The present study examined potential cybersecurity risks associated with railway transportation CI and identified key risk factors for risk management in this context. Based on secondary data collection and a comprehensive review of the relevant literature, the research team synthesized critical factors influencing risk management and then adopted these factors as the foundation for questionnaire design. The resulting survey data were analyzed using AHP to determine the relative weights of each key factor. The analysis further identified which risk factors should be prioritized during the execution of project management tasks [28].

2.1. Research Targets

To ensure the reliable evaluation of risk management in railway-related project implementation, the present study targeted individuals with practical experience in railway transportation, including industry professionals, government personnel, and academic researchers in related fields. Based on a comprehensive review and analysis of the literature, the research team developed a hierarchical structure of influencing factors related to cybersecurity in railway CI. These key factors were then incorporated into an expert questionnaire aimed at collecting valuable and actionable insights. The responses were used to statistically analyze the relative weights of each factor influencing cybersecurity in railway CI. The questionnaire was conducted anonymously and asked railway experts to assess the weights of various risk dimensions and influencing factors. No personal information was collected, and informed consent was obtained from all participants prior to the administration of the questionnaire.

2.2. Expert Questionnaire Design Using AHP

AHP is one of the most widely adopted survey-based methods in social science research for analyzing the relative weights of risk factors. It is particularly effective for capturing expert knowledge and experience regarding specific events or conditions. As previously noted, numerous studies on railway safety have applied AHP to conduct weight analysis of influencing factors [22,23,24,25,26,27].
Through an extensive literature review and expert consultation, the research team identified four primary dimensions of cybersecurity risks associated with railway CI: (1) dispatch radio communication systems; (2) centralized traffic control (CTC) systems; (3) automatic train protection (ATP) systems; and (4) power systems. Based on the consolidation of relevant causes, key influencing factors were identified under each of the four major cybersecurity risk dimensions. These factors were organized and summarized, as shown in Figure 1. A total of 16 critical cybersecurity risk factors related to threats in railway infrastructure were listed under the four dimensions and used as evaluation elements in the AHP cybersecurity risk assessment.
The four assessment dimensions for railway systems are also closely interconnected. The centralized traffic control (CTC) system directly influences the automatic train protection (ATP) system. Specifically, the CTC system manages and dispatches all train routes and signals. The ATP system receives commands from the CTC to ensure that trains operate at the designated speeds. The operational commands for the ATP system originate from the CTC. If the information security of the CTC system is compromised, for instance, through a cyberattack that results in the alteration of commands, the ATP system will execute incorrect instructions, potentially leading to train collisions or derailments.
The railway radio dispatching system is a critical communication link between the dispatcher and the train driver. Any malfunction, interference, eavesdropping, or forgery within this system can pose a risk to operational safety. The radio dispatching system on the train, the centralized traffic control (CTC) system, and the network systems all depend on the power system for their operation. If the power system is compromised, all other train systems will become inoperable.
  • Establishing the Hierarchical Framework Structure
A hierarchical framework provides a structural backbone that allows for a comprehensive representation of a system’s full functionality and dimensions. The number of levels within the hierarchy depends on the complexity of the problem under investigation and the variability of its influencing factors. In 1980, Saaty [28] proposed several principles for constructing hierarchical structures in decision-making processes.
Accordingly, the present study disassembled the complex problem into multiple levels (as shown in Figure 2). The first level represented the expected outcome or goal of the problem to be solved; the second level consisted of evaluation criteria for achieving that goal; the third level included the factors used to assess the criteria in the previous level; and the fourth level presented the possible alternatives or solutions for addressing the problem [29].
  • Questionnaire Design
To determine the relative importance of each element, pairwise comparisons must be conducted. Saaty recommended the use of a nine-point scale for evaluation (as shown in Table 1). Based on this scale, a pairwise comparison questionnaire was designed (see Table 2). When there are n criteria, a total of n (n − 1)/2 pairwise comparisons are required [30]. Table 1 presents the Sample Size and corresponding Random Index (R.I.). Saaty proposed the use of the Consistency Index (C.I.) to represent the degree of consistency [30]. The Consistency Ratio (C.R.) is calculated by dividing C.I. by R.I.

2.3. AHP Hierarchical Structure and Construction of Risk Factors

The present study adopted the AHP, a multi-criteria decision-making method, as a tool for analyzing risk factors related to project management threats. To construct a hierarchical decision-making structure addressing key threats in project management, the present study followed AHP hierarchy theory. Based on a review of the relevant literature, four major cybersecurity risk dimensions were synthesized: (1) dispatch radio communication systems, (2) centralized traffic control (CTC) systems, (3) automatic train protection (ATP) systems, and (4) power systems. Each dimension included several influencing factors, for a total of 16 critical risk factors. The contents of these dimensions and their respective key factors are presented in Table 3, Table 4, Table 5 and Table 6. The AHP expert questionnaire was designed using pairwise comparisons to evaluate the relative importance and weight of each criterion across hierarchical levels.
In the dimension of cybersecurity risks associated with dispatch radio communication systems, the first critical factor was the inability of dispatchers to issue dispatch instructions, which can compromise operational safety and scheduling efficiency [31]. The inability of train crew to communicate with one another was also a significant cybersecurity risk associated with the dispatch radio communication system, as it may delay reporting of faults or abnormalities [32,33]. The failure of the emergency reporting system may prevent timely emergency alerts [34]. Furthermore, the inability to record calls results in the loss of critical information, which poses challenges for future investigation and clarification of incidents [35].
Within the dimension of cybersecurity risks in CTC systems, some studies point out that the inability to monitor train occupancy in track sections may lead to train collisions, dispatching difficulties, and safety hazards [36]. When controllers are unable to issue commands to safety control systems—such as signaling equipment and track switches—it can compromise operational safety and disrupt train dispatching [37]. The inability of the dispatching system to automatically track train numbers can result in dispatching errors and misjudgment of train positions [38]. Additionally, the inability to automatically record train arrival, departure, or passing times at stations is another risk factor that impairs real-time awareness of train operations [39].
In terms of cybersecurity risks associated with ATP systems, the inability to provide drivers with information on upcoming signals, block status, and train occupancy deprives drivers of ATP assistance [40]. The inability to determine the speed limit for following trains based on the position of the preceding train increases the risk of rear-end collisions [41]. The inability to transmit speed restriction information to trains may cause trains to travel too fast or too slow, resulting in accidents [42]. Additionally, the failure to automatically apply brakes when the train exceeds the speed limit poses a significant threat to passenger safety [43].
Regarding the cybersecurity risks in power systems, power outages can lead to train operation disruptions and delays, posing operational safety risks [44]. Prolonged blackouts and halted trains may cause overheating and oxygen depletion inside the train, endangering passenger safety [45]. Power failures may also result in signal and communication system malfunctions, such as signal blackouts and track switch failures, increasing the likelihood of collisions [46]. Since certain braking systems rely on electrical power, the inability to apply brakes during power failures may result in catastrophic accidents [47].

3. Results

The research team established a hierarchical analytical structure, consisting of four risk dimensions and sixteen evaluation criteria (risk factors), as detailed above. Next, they applied AHP to compute the relative weights of the criteria based on data collected from expert questionnaires.
In this study, the AHP questionnaire only asked respondents to evaluate the relative weights of the dimensions and evaluation criteria. No personal data from respondents were collected. At the beginning of the questionnaire, participants were informed that their responses would remain anonymous and unidentifiable. The research team is committed to protecting respondents’ privacy and maintaining confidentiality to minimize any potential risk of personal data exposure. The data will be analyzed in aggregate and published in an international journal, with no commercial interests involved. Participation is entirely voluntary, and respondents are free to decline or withdraw from the questionnaire at any time without any pressure.
A total of 28 expert questionnaires were distributed, with 25 valid responses received, yielding a response rate of 89%. The respondents included professionals from government agencies and experienced practitioners in the communications industry, which ensured that the overall evaluation criteria effectively addressed the risk objectives while maintaining objectivity. The background information of the participating experts is summarized in Table 7, Table 8 and Table 9.
The AHP survey respondents’ expertise covers four key domains: communications and information systems, railway traffic dispatching and transportation management, systems integration and project management, and mechatronics and power engineering. These specializations align with the four major risk factors explored in this study. The organizational levels of the respondents include senior executives, middle management/technical supervisors, and grassroots management and operational staff. The organizations they represent include railway regulatory authorities, railway operating agencies, and information and communication technology vendors. This diverse background of the respondents is sufficient to confirm the representativeness of the sample in this study.
To ensure the validity of the expert questionnaire results, consistency testing was conducted. This included the C.I., which assesses internal consistency of individual expert judgments; the C.R., which evaluates consistency within a single hierarchical level; and the Consistency Ratio of the Hierarchy (C.R.H.), which assesses consistency across the overall hierarchical structure. When C.I., C.R., and C.R.H. are all ≤0.1, the rankings assigned by experts to both major dimensions and evaluation criteria are considered logically consistent, thus confirming the overall rationality of the hierarchical structure. The computations in the present study were performed using the decision support software Expert Choice 11.0. In addition to satisfying the threshold of ≤0.1 for C.I., C.R., and C.R.H., the Overall Inconsistency was calculated to be 0.0013, well within the acceptable limit (≤0.1), indicating a high degree of overall consistency.
Preliminary results based on responses from 25 experts are presented in Table A1, Table A2, Table A3, Table A4 and Table A5. These results formed the basis for subsequent calculations and the ranking of relative weights between risk dimensions and their corresponding evaluation criteria.

3.1. Analysis Results of Cybersecurity Risk Dimensions

Among the four major cybersecurity risk dimensions, the CTC system accounted for the highest proportion at 39.9%, indicating its critical importance within the overall framework. The ATP System ranked second, comprising 29.3%, followed by the Power System at 18.6%, and the Dispatch Radio Communication System at 12.1%, representing the lowest weighted dimension. Although the combined weight of the Power System and Dispatch Radio Communication System exceeded that of the ATP system alone, it still fell short of the weight attributed to the CTC system. This highlights the indispensable role of the ATP System in achieving the overarching goal of railway cybersecurity and underscores its significance within the overall hierarchical structure.

3.2. Analysis Results of Evaluation Criteria

3.2.1. Weights of Evaluation Criteria Within the Dispatch Radio Communication System Cybersecurity Risk Dimension

The evaluation criteria set under the Dispatch Radio Communication System cybersecurity risk dimension are presented in Table 10. Among these, “inability of dispatchers to issue dispatch instructions” held the highest weight at 40.3%, followed by “failure of the emergency reporting system” at 32.1%. The “inability of train crew to communicate with one another” and “inability to record calls, resulting in the loss of critical information” ranked third and fourth, with weights of 20.3% and 7.2%, respectively. Within this risk dimension, experts identified the inability of dispatchers to issue instructions as the most critical cybersecurity risk factor. If dispatchers are unable to command trains due to system attacks or malfunctions, it could lead to operational disruptions, scheduling chaos, or even potential accidents. These risks, when compounded by other associated threats, could result in significant losses; thus, it is crucial to prioritize resource allocation to mitigate this vulnerability [31]. Although the inability to record calls received the lowest weight, it should not be overlooked. A reliable recording mechanism is essential for maintaining dispatch records, clarifying post-incident accountability, and preventing difficulties and disputes due to missing call records during follow-up investigations [35].

3.2.2. Weights of Evaluation Criteria Within the CTC System Cybersecurity Risk Dimension

As shown in Table 11, the cybersecurity risk dimension of the CTC system included four evaluation criteria. The highest weight (44.6%) was assigned to “inability to monitor train occupancy in track sections”, followed by “inability of controllers to issue commands to safety control systems” (31%), “inability of the dispatching system to automatically track train numbers” (15.1%), and “inability to automatically record train arrival, departure, or passing times at stations” (9.3%). This dimension demonstrated that if the CTC system is compromised due to cyberattacks or technical failures, real-time monitoring of train locations may be lost, potentially leading to misjudgments of train intervals. This could result in delays, service disruptions, or, in severe cases, train collisions or routing conflicts [36]. Therefore, accurate and reliable monitoring of track section occupancy was the foremost cybersecurity concern in this system. In contrast, the automation of train number tracking and station time recording functions were considered secondary risks. Although these features are essential for operational efficiency and management, they present relatively low cybersecurity exposure compared to the former two.

3.2.3. Weights of Evaluation Criteria Within the ATP System Cybersecurity Risk Dimension

A total of four evaluation criteria were established in the ATP system cybersecurity risk dimension, as presented in Table 12. Ranked by their relative weights, these were “inability to provide drivers with information on upcoming signals, block status, and train occupancy” (37.6%), “failure to automatically apply brakes when the train exceeds the speed limit” (33.5%), “inability to determine the speed limit for following trains based on the position of the preceding train” (17%), and “inability to transmit speed restriction information to trains” (11.9%). In this risk dimension, the core cybersecurity objectives of the ATP system are reflected in the real-time delivery of signal, block, and occupancy information, as well as in the system’s automatic braking intervention when trains operate unsafely. Therefore, resource allocation and technical measures should focus on the essence of cybersecurity risks, prioritizing the strengthening and consolidation of these two critical capabilities.

3.2.4. Weights of Evaluation Criteria Within the Power System Cybersecurity Risk Dimension

As shown in Table 13, in the power system cybersecurity risk dimension, the highest weighted evaluation criteria (43.1%) was assigned to “increased risk of catastrophic accidents,” followed by “malfunctions in signal and communication systems” (28.8%), “increased passenger safety risks” (20.4%), and “train operation disruptions and delays” (7.2%). The dominant weight assigned to catastrophic accidents indicates that if a cyberattack, malicious sabotage, or unintentional failure were to compromise the power system, it could lead to severe consequences—such as large-scale power outages, explosions, or fires—posing a major threat to railway operations and personnel safety. Such events may also trigger cascading disasters, complicating emergency response and recovery efforts [46]. Power anomalies frequently cause malfunctions in signal and communication systems, thereby increasing operational safety risks [47]. Moreover, sudden interruptions in the power system can lead to failures or disruptions in facilities and equipment, which directly affects passenger safety during movement within stations, on trains, and between station areas. The resulting panic within a short time frame may further exacerbate evacuation challenges.

3.3. Prioritization of Cybersecurity Risk Factors for Railway CI

Table 14 presents the results of cumulative weighting and prioritization for the 16 evaluation criteria in the present study. The findings revealed that “inability to monitor train occupancy in track sections, “inability of controllers to issue commands to safety control systems”, “inability to provide drivers with information on upcoming signals, block status, and train occupancy”, “failure to automatically apply brakes when the train exceeds the speed limit”, “increased risk of catastrophic accidents”, and “inability of dispatching systems to automatically track train numbers” were among the most critical cybersecurity risk factors, collectively accounting for the top 70% of cumulative weights. These six factors represent key areas in cybersecurity management for railway CI, and resources should be prioritized accordingly for improvement or enhancement. According to Table 4, Table 5, Table 6, Table 7, Table 8, Table 9 and Table 10, three of the cybersecurity risk factors that fell within the top 70% of cumulative weightings belonged to the CTC system dimension, with the top two ranking factors both originating from this dimension. This highlighted the substantial importance of cybersecurity in CTC systems. On the other hand, the Dispatch Radio Communication System was the only risk dimension that contained no risk factor within the top 70% of cumulative weights. Consequently, it may be given lower priority in cybersecurity resource allocation; however, practical operational needs should still be considered, with limited cybersecurity resources dynamically reallocated in a hybrid manner to ensure appropriate and responsive risk management.

4. Discussion

Emerging technologies such as AI, blockchains, and the IoT have been increasingly integrated into CI, and with them comes the promise of enhanced operational efficiency and public welfare. However, viewed from a risk-oriented perspective, the integration of AI, blockchains, and IoT into CI also introduces significant cybersecurity vulnerabilities, the potential consequences of which—particularly in terms of human safety and economic loss—merit serious consideration and in-depth analysis. Although prior railway safety research has often focused on technical or single-dimensional aspects, few studies have focused on multi-attribute decision-making; therefore, this study adopted AHP to assess risk factors associated with railway infrastructure and compiled a list of the top 70% of prioritized criteria to facilitate cybersecurity risk management in railway systems.
Focusing on the cybersecurity risks of the Taiwan Railway, the present study constructed a hierarchical framework comprising four primary risk dimensions and 16 evaluation criteria. The AHP method was employed to derive expert-based weightings and identify the relative prioritization of cybersecurity risks in the protection of railway CI. On the basis of the results, the cybersecurity risk dimension of the CTC system held the highest weight (39.9%), underscoring the urgent need for protection in real-time monitoring of train occupancy and issuance of control commands. The ATP system ranked second (29.3%), which highlighted the importance of reliable control and braking mechanisms in ensuring operational safety.
The analysis further revealed that among the top six high-risk factors, three belonged to the CTC system and two belonged to the ATP system, identifying these two systems as core domains for cybersecurity protection in Taiwan Railway’s CI. Specifically, “inability to monitor train occupancy in track sections”, “failure of controllers to issue commands to safety systems”, and “inability to provide signal and block information to drivers” are critical threats. If exploited via cyberattacks, these weaknesses could severely disrupt train operations and passenger safety, potentially leading to catastrophic incidents such as collisions. Although the dispatch radio communication system cybersecurity dimension ranked lowest overall (12.1%), its internal criteria—such as “inability of dispatchers to issue instructions” and “failure of emergency reporting”—still represented notable risks. These factors should be included in the baseline protection standards and be subject to regular auditing to mitigate or eliminate risks.
By systematically identifying critical cybersecurity risk factors in railway transportation infrastructure and providing quantifiable prioritization, the present study offers actionable insights for future resource allocation and policy development. The findings emphasize the need to focus cybersecurity efforts on core control and operational subsystems. It is therefore recommended that the government and Taiwan Railway implement differentiated and proactive protection strategies for key subsystems to strengthen cybersecurity resilience and enhance risk governance in the railway sector.
This study primarily focuses on the risk factors concentrated within a railway company’s internal information security systems. Research on railway information security threats in Japan encompasses issues related to the system’s sheer scale and complexity, as well as the safety of on-site infrastructure like platform doors and track intrusion detection systems. Any single point of failure in a railway’s information system can lead to catastrophic casualties. European research on railway infrastructure indicates that as automation increases, cybersecurity risks emerge as a new threat. Historically, engineering designs have paid less attention to information security issues and have also failed to address railway staff’s lack of security awareness and inadequate training [48]. Fundamentally, the research findings on railway information security from both Japan and Europe show a strong similarity to those of this study. For future railway information security management, it is crucial to focus on security management and information sharing across multi-organizational and systemic frameworks, and to strengthen inter-departmental communication and coordination to mitigate major casualties caused by information security failures.
Yu et al. studied how to strategically place “protection nodes” to prevent the cascading of a single point of failure in critical networked infrastructures [49]. Their research introduced the concept of “vaccine centrality” based on a partially ordered set, which provides partial inspiration for how a single risk factor in a train’s journey could lead to a large-scale disaster. This research inspires our study by suggesting that any single risk from the four major information security criteria and their secondary standards could escalate into a major traffic accident and disaster. Therefore, all primary and secondary information security risks should be comprehensively monitored, and protection nodes should be established.

5. Practical Recommendations

For the cybersecurity risks associated with the CTC system, it is recommended to adopt a zero-trust architecture with stricter network segmentation and software control, as well as enhance cybersecurity awareness and training for railway IT personnel. As for the ATP system, power system, and dispatch radio communication system, the establishment of a cybersecurity monitoring platform and regular third-party audits are necessary to improve cybersecurity resilience and system reliability.
To mitigate risks in the dispatch radio communication system, deploying redundant communication devices is advised to ensure alternative communication channels in the event of primary system failure. Additionally, encryption of dispatcher voice communications should be implemented to prevent interception or disruption. Communication recordings should be captured in real time and stored in off-site backups.
Regarding the critical risk factor “inability to monitor train occupancy in track sections” under the CTC system, the resilience and cybersecurity of track circuit sensors should be enhanced. AI-based video recognition technologies could also assist in detection and response. Transmission paths for control commands should be encrypted, and system stability must be reinforced. For the power system, establishing robust defensive and rapid recovery mechanisms is essential, along with real-time anomaly and cybersecurity monitoring.
Policies should advocate for network segmentation, strictly partitioning access between core systems, office networks, and external networks. A strict software whitelisting policy should be implemented, allowing only authorized applications to be executed. Independent third-party cybersecurity firms should be regularly commissioned to conduct penetration tests and security audits. The resilience of track circuit sensors should be enhanced to withstand both physical and cyberattacks. The power system should be fortified with a multi-layered defense, deploying firewalls, intrusion detection systems, and intrusion prevention systems at various levels.

6. Research Limitations and Future Research Directions

While the Analytic Hierarchy Process (AHP) can assist decision-makers in clarifying the weights of criteria and alternatives in diverse situations, it is not without its drawbacks. AHP suffers from subjective bias in expert judgments, limitations in its hierarchical structure, and an inability to effectively address ambiguity. Consequently, some studies have adopted the Delphi method to first define problems and evaluation criteria, thereby reducing subjective bias and group pressure among experts. Other researchers have used Fuzzy AHP to address the vagueness inherent in subjective expert judgments. In recent years, scholars have begun to integrate these methods by inputting the criteria weights derived from Fuzzy AHP into machine learning models to build predictive or classification models.
This study, however, relies solely on AHP for its weight analysis. We therefore suggest that future researchers consider a mixed-methods approach, combining Delphi, Fuzzy AHP, and machine learning. This integration would likely lead to more diverse findings and robust outcomes.

Author Contributions

Conceptualization, L.-S.H. and I.-L.L.; methodology, L.-S.H.; software, C.-J.H.; validation, L.-S.H. and C.-J.H.; formal analysis, L.-S.H. and C.-J.H.; investigation, L.-S.H. and C.-J.H.; resources, C.-J.H.; data curation, L.-S.H. and H.-T.L.; writing—original draft preparation, L.-S.H. and C.-J.H.; writing—review and editing, L.-S.H. and C.-J.H.; visualization, L.-S.H. and H.-T.L.; supervision, I.-L.L.; project administration, L.-S.H. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Data is contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
AHPAnalytical Hierarchy Process
AIArtificial Intelligence
ATPAutomatic Train Protection
CICritical Infrastructure
CTCCentralized Traffic Control
C.I.Consistency Index
C.R.Consistency Ratio
C.R.H.Consistency Ratio of the Hierarchy
IoTInternet of Things
R.I.Random Index
THSRCTaiwan High Speed Rail Corporation
TRATaiwan Railways Administration
TRCTaiwan Railway Corporation, Ltd.

Appendix A

Table A1. Summary of major dimensions.
Table A1. Summary of major dimensions.
Evaluation
Criteria		Dispatch Radio
Communication
System
Cybersecurity		CTC System
Cybersecurity		ATP System
Cybersecurity		Power System
Cybersecurity
Questionnaire No.
10.0930.4350.0360.435
20.0380.1150.2360.610
30.3210.3210.3210.036
40.0690.3100.4120.210
50.3180.3180.3180.045
60.0560.4740.3320.138
70.0590.2540.5770.110
80.0880.2760.0520.585
90.1920.0520.7040.052
100.0610.4460.4160.077
110.0670.4270.4270.079
120.1750.0420.3040.479
130.0600.3830.3830.175
140.0530.3180.5580.071
150.3380.2050.2880.169
160.0830.4170.0830.417
170.1880.6780.0470.088
180.0360.4350.4350.093
190.0610.4160.0770.446
200.0480.2030.5990.151
210.1290.1430.6870.040
220.1000.7000.1000.100
230.0630.5860.2880.063
240.2050.6850.0460.064
250.0410.3610.0790.520
Average0.1210.3990.2930.186
Table A2. Summary of cybersecurity risk dimension for dispatch radio communication system.
Table A2. Summary of cybersecurity risk dimension for dispatch radio communication system.
Evaluation
Criteria		Inability of
Dispatchers to
Issue Dispatch
Instructions		Inability of
Train Crew to
Communicate
with One Another		Failure of
the Emergency
Reporting System		Inability to Record Calls, Resulting in
the Loss of Critical
Information
Questionnaire No.
10.6730.1650.1140.048
20.6770.1100.1700.043
30.4500.0500.4500.050
40.5860.1680.2040.041
50.1000.1000.7000.100
60.1550.1460.6610.038
70.1340.1550.6580.054
80.4010.4270.1180.053
90.1860.0690.6980.046
100.6060.2340.0800.080
110.4750.0980.3580.068
120.1700.1700.6250.036
130.6270.2040.1310.039
140.5310.3140.0920.063
150.5180.0970.0830.302
160.2080.2080.4870.096
170.4370.0820.4370.044
180.1340.1340.6920.040
190.4200.4200.1260.034
200.0470.2970.5680.088
210.1460.1550.6610.038
220.6660.0470.2200.067
230.6510.1100.1190.119
240.2360.6580.0620.044
250.5400.2740.1500.037
Average0.4030.2030.3210.072
Table A3. Summary of cybersecurity risk dimension for CTC system.
Table A3. Summary of cybersecurity risk dimension for CTC system.
Evaluation
Criteria		Inability to
Monitor Train
Occupancy in
Track Sections
(Locations)		Inability of
Controllers to
Issue Commands
to Safety Control
Systems		Inability of
the Dispatching
System to
Automatically
Track Train
Numbers		Inability to
Automatically
Record Train
Arrival, Departure,
or Passing Times
at Stations
Questionnaire No.
10.4090.4530.0940.045
20.1900.6940.0570.059
30.7350.0820.1240.060
40.2620.5650.1180.055
50.4380.4380.0630.063
60.6130.2080.0890.089
70.2190.6600.0610.061
80.2460.5890.1140.050
90.6920.1400.0990.070
100.6150.1700.1700.044
110.2060.6460.0850.064
120.7500.0830.0830.083
130.6210.1650.1650.048
140.2970.1250.4140.164
150.0520.2660.3410.341
160.7420.0820.1170.058
170.4290.4290.0930.049
180.7500.0830.0830.083
190.1680.6110.1680.052
200.5790.2820.0810.057
210.1440.5740.2030.078
220.2350.4540.1550.155
230.2390.2530.2990.209
240.6450.1430.1200.093
250.6460.0800.1560.117
Average0.4460.3100.1510.093
Table A4. Summary of cybersecurity risk dimension for ATP system.
Table A4. Summary of cybersecurity risk dimension for ATP system.
Evaluation
Criteria		Inability to
Provide Drivers
with Information
on Upcoming
Signals, Block
Status, and Train
Occupancy		Inability to
Determine the
Speed Limit for
Following Trains Based on the
Position of the
Preceding Train		Inability to
Transmit Speed
Restriction
Information
to Trains		Failure to
Automatically
Apply Brakes
When the Train
Exceeds the
Speed Limit
Questionnaire No.
10.1270.4510.0410.382
20.5460.3040.0500.099
30.2350.1720.2350.357
40.1120.1890.0590.641
50.0980.0710.1480.683
60.7350.0540.0540.158
70.3150.0810.1330.471
80.6090.2080.1070.076
90.1780.1580.0420.623
100.4500.0500.0500.450
110.7340.0870.0870.093
120.4990.0990.0800.322
130.6950.1000.0950.110
140.5130.1760.1550.156
150.2370.1670.2170.380
160.0640.1560.2190.562
170.4290.0710.0710.429
180.0830.0830.0830.750
190.6680.1430.1010.088
200.0430.1440.1400.673
210.7310.1520.0590.058
220.4640.0720.0720.392
230.2500.2500.2500.250
240.3950.4350.1150.055
250.4030.0870.0440.466
Average0.3760.1700.1190.335
Table A5. Summary of cybersecurity risk dimension for power system.
Table A5. Summary of cybersecurity risk dimension for power system.
Evaluation
Criteria		Train Operation
Disruptions and
Delays		Increased Passenger Safety RisksMalfunctions
in Signal and
Communication
Systems		Increased Risk of
Catastrophic
Accidents
Questionnaire No.
10.2060.0420.2970.455
20.0550.0550.2430.648
30.0330.2640.1880.515
40.1260.0690.2440.561
50.0560.0560.5980.289
60.0340.2230.2230.521
70.0770.3830.1200.419
80.0480.6500.0460.256
90.0480.0480.6540.249
100.0390.3270.3080.327
110.0360.3210.3210.321
120.0570.4550.0610.427
130.0510.4610.0550.433
140.0380.4600.2100.292
150.1000.3000.3000.300
160.4170.0830.4170.083
170.0390.1240.4190.419
180.0330.4060.1540.406
190.0930.0360.4350.435
200.0410.1330.2530.573
210.0560.4580.0560.430
220.0930.0360.4350.435
230.3560.0980.2510.295
240.0350.2340.5580.174
250.0330.1960.5750.196
Average0.0770.2040.2880.431

References

  1. Raval, K.J.; Jadav, N.K.; Rathod, T.; Tanwar, S.; Vimal, V.; Yamsani, N. A survey on safeguarding critical infrastructures: Attacks, AI security, and future directions. Int. J. Crit. Infrastruct. Prot. 2024, 44, 100647. [Google Scholar] [CrossRef]
  2. Jadav, N.K.; Gupta, R.; Tanwar, S. AI and onion routing-based secure architectural framework for IoT-based critical infrastructure. In Proceedings of the 2023 13th International Conference on Cloud Computing, Data Science & Engineering (Confluence), Noida, India, 19–20 January 2023; pp. 559–564. [Google Scholar] [CrossRef]
  3. Homeland Security Policy Committee, Executive Yuan. Available online: https://ohs.ey.gov.tw/Page/E09D4EC20A2D078A (accessed on 22 August 2025).
  4. Šarūnienė, I.; Martišauskas, L.; Krikštolaitis, R.; Augutis, J.; Setola, R. Risk assessment of critical infrastructures: A methodology based on criticality of infrastructure elements. Reliab. Eng. Syst. Saf. 2023, 243, 109797. [Google Scholar] [CrossRef]
  5. Pursiainen, C.; Kytömaa, E. From European critical infrastructure protection to the resilience of European critical entities: What does it mean? Sustain. Resilient Infrastruct. 2023, 8 (Suppl. 1), 85–101. [Google Scholar] [CrossRef]
  6. Broto, V.C.; Cortina-Oriol, M.; Durrant, D.; Griggs, S.; Guarneros-Meza, V.; Hayes, G.; Howarth, D.; Isunza-Vera, E.; Wong, M.T.; Zaremberg, G. Infrastructures, processes of insertion and the everyday: Towards a new dialogue in critical policy studies. Crit. Policy Stud. 2022, 16, 121–130. [Google Scholar] [CrossRef]
  7. Classification of National Critical Infrastructure Areas. Available online: https://ohs.ey.gov.tw/File/62C7B5B507800552 (accessed on 22 August 2025).
  8. Abuhasel, K.A. Linear Probabilistic Resilience Model for Securing Critical Infrastructure in Industry 5.0. IEEE Access 2023, 11, 80863–80873. [Google Scholar] [CrossRef]
  9. Barak, I. Critical infrastructure under attack: Lessons from a honeypot. Netw. Secur. 2020, 2020, 16–17. [Google Scholar] [CrossRef]
  10. Luiijf, E.; Nieuwenhuijs, A.; Klaver, M.; van Eeten, M.; Cruz, E. Empirical Findings on Critical Infrastructure Dependencies in Europe. In Critical Information Infrastructure Security; Setola, R., Geretshuber, S., Eds.; Springer: Berlin/Heidelberg, Germany, 2009; Volume 5508, pp. 326–337. [Google Scholar] [CrossRef]
  11. Kour, R.; Patwardhan, A.; Thaduri, A.; Karim, R. A review on cybersecurity in railways. Proc. Inst. Mech. Eng. Part F J. Rail Rapid Transit. 2022, 237, 3–20. [Google Scholar] [CrossRef]
  12. Wisniewski, M.; Gladysz, B.; Ejsmont, K.; Wodecki, A.; Van Erp, T. Industry 4.0 solutions impacts on critical infrastructure safety and protection—A systematic literature review. IEEE Access 2022, 10, 82716–82735. [Google Scholar] [CrossRef]
  13. Lopez, I.; Aguado, M. Cyber security analysis of the European train control system. IEEE Commun. Mag. 2015, 53, 110–116. [Google Scholar] [CrossRef]
  14. Yigit, Y.; Ferrag, M.A.; Ghanem, M.C.; Sarker, I.H.; Maglaras, L.A.; Chrysoulas, C.; Moradpoor, N.; Tihanyi, N.; Janicke, H. Generative AI and LLMs for Critical Infrastructure Protection: Evaluation Benchmarks, Agentic AI, Challenges, and Opportunities. Sensors 2025, 25, 1666. [Google Scholar] [CrossRef]
  15. IBM. Available online: https://securityintelligence.com/news/high-impact-attacks-on-critical-infrastructure-climb-140/ (accessed on 15 July 2025).
  16. Luo, M.; Tao, C.; Liu, Y.; Chen, S.; Chen, P. An Endogenous Security-Oriented Framework for Cyber Resilience Assessment in Critical Infrastructures. Appl. Sci. 2025, 15, 8342. [Google Scholar] [CrossRef]
  17. von Briel, F.; Davidsson, P.; Recker, J. Digital Technologies as External Enablers of New Venture Creation in the IT Hardware Sector. Entrep. Theory Pract. 2017, 42, 47–69. [Google Scholar] [CrossRef]
  18. Gnoni, M.G.; Bragatto, P.A.; Milazzo, M.F.; Setola, R. Integrating IoT technologies for an intelligent safety management in the process industry. Procedia Manuf. 2020, 42, 511–515. [Google Scholar] [CrossRef]
  19. Lubis, M.; Safitra, M.F.; Fakhrurroja, H.; Muttaqin, A.N. Guarding Our Vital Systems: A Metric for Critical Infrastructure Cyber Resilience. Sensors 2025, 25, 4545. [Google Scholar] [CrossRef]
  20. Ten, C.-W.; Manimaran, G.; Liu, C.-C. Cybersecurity for Critical Infrastructures: Attack and Defense Modeling. IEEE Trans. Syst. Man Cybern. Part A Syst. Humans 2010, 40, 853–865. [Google Scholar] [CrossRef]
  21. Kweon, E.; Lee, H.; Chai, S.; Yoo, K. The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence. Inf. Syst. Front. 2021, 23, 361–373. [Google Scholar] [CrossRef]
  22. He, Y.; Bin, Z.; Xu, X.; Yu, H.; Zhang, Y.; Li, N.; Li, M. Landslide Risk Assessment Along Railway Lines Using Multi-Source Data: A Game Theory-Based Integrated Weighting Approach for Sustainable Infrastructure Planning. Sustainability 2025, 17, 5522. [Google Scholar] [CrossRef]
  23. Panchal, S.; Shrivastava, A.K. Landslide hazard assessment using analytic hierarchy process (AHP): A case study of National Highway 5 in India. Ain Shams Eng. J. 2022, 13, 101626. [Google Scholar] [CrossRef]
  24. Abuzwidah, M.; Elawady, A.; Ashour, A.G.; Yilmaz, A.G.; Shanableh, A.; Zeiada, W. Flood Risk Assessment for Sustainable Transportation Planning and Development under Climate Change: A GIS-Based Comparative Analysis of CMIP6 Scenarios. Sustainability 2024, 16, 5939. [Google Scholar] [CrossRef]
  25. Al-Barqawi, H.; Zayed, T. Infrastructure management: Integrated AHP/ANN model to evaluate municipal water mains’ performance. J. Infrastruct. Syst. 2008, 14, 305–318. [Google Scholar] [CrossRef]
  26. Piratla, K.R.; Jin, H.; Yazdekhasti, S. A Failure Risk-Based Culvert Renewal Prioritization Framework. Infrastructures 2019, 4, 43. [Google Scholar] [CrossRef]
  27. Udie, J.; Bhattacharyya, S.; Ozawa-Meida, L. A Conceptual Framework for Vulnerability Assessment of Climate Change Impact on Critical Oil and Gas Infrastructure in the Niger Delta. Climate 2018, 6, 11. [Google Scholar] [CrossRef]
  28. Saaty, T.L. The analytic hierarchy process (AHP). J. Oper. Res. Soc. 1980, 41, 1073–1076. [Google Scholar]
  29. Amankwah-Nkyi, K.; Hernandez, S.; Mitra, S.K. Highway-Transportation-Asset Criticality Estimation Leveraging Stakeholder Input Through an Analytical Hierarchy Process (AHP). Sustainability 2025, 17, 5212. [Google Scholar] [CrossRef]
  30. Jewpanya, P.; Nuangpirom, P.; Nakkiew, W.; Pitjamit, S.; Jaichomphu, P. Optimizing Tourist Destination Selection Using AHP and Fuzzy AHP Based on Individual Preferences for Personalized Tourism. Sustainability 2025, 17, 1116. [Google Scholar] [CrossRef]
  31. Roth, E.M.; Malsch, N.; Multer, J. Understanding How Train Dispatchers Manage and Control Trains: Results of a Cognitive Task Analysis (No. DOT-VNTSC-FRA-98-3); United States Department of Transportation, Federal Railroad Administration: Washington, DC, USA, 2001. [Google Scholar]
  32. Heath, C.; Hindmarsh, J.; Luff, P. Interaction in isolation: The dislocated world of the London Underground train driver. Sociology 1999, 33, 555–575. [Google Scholar] [CrossRef]
  33. Andreasson, R.; Jansson, A.A.; Lindblom, J. The coordination between train traffic controllers and train drivers: A distributed cognition perspective on railway. Cogn. Technol. Work 2019, 21, 417–443. [Google Scholar] [CrossRef]
  34. Hailes, S. Modern telecommunications systems for train control. In Proceedings of the 11th IET Professional Development Course on Railway Signalling and Control Systems, York, UK, 5–9 June 2006; pp. 185–192. [Google Scholar]
  35. Andrén, M.; Sanne, J.M.; Linell, P. Striking the balance between formality and informality in safety-critical communication: Train traffic control calls. J. Pragmat. 2010, 42, 220–241. [Google Scholar] [CrossRef]
  36. Nie, L.; Hansen, I.A. System analysis of train operations and track occupancy at railway stations. Eur. J. Transp. Infrastruct. Res. 2005, 5, 31–54. [Google Scholar] [CrossRef]
  37. Hartong, M.; Goel, R.; Wijesekera, D. Communications security concerns in communications based train control. WIT Trans. Built Environ. 2006, 88, 1–10. [Google Scholar] [CrossRef]
  38. Şahin, İ. Railway traffic control and train scheduling based on inter-train conflict management. Transp. Res. Part B Methodol. 1999, 33, 511–534. [Google Scholar] [CrossRef]
  39. Carey, M.; Crawford, I. Scheduling trains on a network of busy complex stations. Transp. Res. Part B Methodol. 2007, 41, 159–178. [Google Scholar] [CrossRef]
  40. Farooq, J.; Soler, J. Radio communication for communications-based train control (CBTC): A tutorial and survey. IEEE Commun. Surv. Tutor. 2017, 19, 1377–1402. [Google Scholar] [CrossRef]
  41. Krasemann, J.T. Design of an effective algorithm for fast response to the re-scheduling of railway traffic during disturbances. Transp. Res. Part C Emerg. Technol. 2012, 20, 62–78. [Google Scholar] [CrossRef]
  42. Zhang, J.; Liu, H.; Wu, Q.; Jin, Y.; Chen, Y.; Ai, B.; Jin, S.; Cui, T.J. RIS-Aided Next-Generation High-Speed Train Communications: Challenges, Solutions, and Future Directions. IEEE Wirel. Commun. 2022, 28, 145–151. [Google Scholar] [CrossRef]
  43. Wu, Q.; Cole, C.; Spiryagin, M.; Chang, C.; Wei, W.; Ursulyak, L.; Cantone, L. Freight train air brake models. Int. J. Rail Transp. 2023, 11, 1–49. [Google Scholar] [CrossRef]
  44. Monsuur, F.; Enoch, M.; Quddus, M.; Meek, S. Modelling the impact of rail delays on passenger satisfaction. Transp. Res. Part A Policy Pract. 2021, 152, 19–35. [Google Scholar] [CrossRef]
  45. Larue, G.S.; Popovic, V.; Legge, M.; Brophy, C.; Blackman, R. Safe trip: Factors contributing to slip, trip and fall risk at train stations. Appl. Ergon. 2021, 92, 103316. [Google Scholar] [CrossRef] [PubMed]
  46. Butakova, M.A.; Chernov, A.V.; Shevchuk, P.S.; Vereskun, V.D. Complex event processing for network anomaly detection in digital railway communication services. In Proceedings of the 2017 25th Telecommunication Forum (TELFOR), Belgrade, Serbia, 21–22 November 2017; pp. 1–4. [Google Scholar] [CrossRef]
  47. Evans, A.W. Fatal train accidents on Europe’s railways: An update to 2019. Accid. Anal. Prev. 2021, 158, 106182. [Google Scholar] [CrossRef]
  48. Thron, E.; Faily, S.; Dogan, H.; Freer, M. Human factors and cyber-security risks on the railway–the critical role played by signalling operations. Inf. Comput. Secur. 2024, 32, 236–263. [Google Scholar] [CrossRef]
  49. Yu, P.-D.; Tan, C.W.; Fu, H.-L. Averting cascading failures in networked infrastructures: Poset-constrained graph algorithms. IEEE J. Sel. Top. Signal Process. 2018, 12, 733–748. [Google Scholar] [CrossRef]
Systems 13 00861 g001
Figure 1. Hierarchical structure of the AHP questionnaire.
Figure 1. Hierarchical structure of the AHP questionnaire.
Systems 13 00861 g001
Systems 13 00861 g002
Figure 2. Hierarchical structure [30].
Figure 2. Hierarchical structure [30].
Systems 13 00861 g002
Table 1. Explanation of the AHP evaluation scale and Random Index (RI).
Table 1. Explanation of the AHP evaluation scale and Random Index (RI).
n1234567891011
RI000.580.91.121.241.321.411.451.491.51
Table 2. AHP pairwise comparison questionnaire.
Table 2. AHP pairwise comparison questionnaire.
Intensity of
Importance		Extreme
importance		Very strong
importance		Strong
importance		Moderate importance Equal
importance		Moderate
importance 		Strong
importance		Very
strong
importance		Extreme
importance		Intensity of Importance
Personnel Risk98765432123456789Owner Risk
Note: The symbol “—” indicates that the importance is between the importances listed before and after. For example, the importance of 8 is between the importances of 7 and 9.
Table 3. Cybersecurity risk dimensions of dispatch radio communication systems.
Table 3. Cybersecurity risk dimensions of dispatch radio communication systems.
DimensionCritical Influencing FactorsDescription
Cybersecurity Risk
Dimensions of
Dispatch Radio
Communication Systems		Inability of dispatchers
to issue dispatch
instructions [31]		Failure to transmit dispatch instructions in a timely manner may compromise operational safety and scheduling efficiency.
Inability of train crew
to communicate with
one another [32,33]		When train crew are unable to report abnormal conditions, it may lead to delayed responses, accident escalation, and disruptions to operational safety and order.
Failure of the emergency
reporting system [34]		The loss of emergency communication capabilities may hinder timely emergency handling and alerts.
Inability to record calls,
resulting in the loss of
critical information [35]		Lack of call recordings may result in the loss of key information, hindering accident investigation and responsibility clarification.
Table 4. Cybersecurity risk dimensions of CTC systems.
Table 4. Cybersecurity risk dimensions of CTC systems.
DimensionCritical Influencing FactorsDescription
Cybersecurity Risk
Dimensions of
CTC Systems		Inability to monitor
train occupancy in track
sections (locations) [36]		Inability to detect train positions may result in misjudgments, dispatching errors, and compromise both safety and dispatching efficiency.
Inability of controllers
to issue commands to
safety control systems [37]		When controllers are unable to operate signaling equipment and track switches, it may cause loss of train control and collisions, threatening operational safety and dispatching.
Inability of the dispatching
system to automatically
track train numbers [38]		Inability to track train numbers automatically may lead to dispatching errors and misjudgment of train positions, affecting operational safety.
Inability to automatically
record train arrival,
departure, or passing
times at stations [39]		The lack of automated time records may hinder understanding of train movements, reduce the accuracy of root cause analysis, and impair the effectiveness of transportation planning decisions.
Table 5. Cybersecurity risk dimensions of ATP systems.
Table 5. Cybersecurity risk dimensions of ATP systems.
DimensionCritical Influencing FactorsDescription
Cybersecurity Risk
Dimensions of
ATP Systems		Inability to provide
drivers with information
on upcoming signals, block
status, and train occupancy [40]		Drivers are required to make operational decisions in responsibility mode, as ATP assistance becomes unavailable.
Inability to determine the
speed limit for following
trains based on the position
of the preceding train [41]		Failure to impose speed restrictions accordingly may lead to rear-end collisions and compromise train safety and dispatch control.
Inability to transmit speed
restriction information
to trains [42]		Failure to convey speed restriction information to trains may result in overspeeding, increasing the risk of accidents and threatening operational safety.
Failure to automatically
apply brakes when the train
exceeds the speed limit [43]		Overspeed without automatic braking may result in block violations or Signals Passed at Danger, posing serious risks to passenger safety and operational stability.
Table 6. Cybersecurity risk dimensions of power systems.
Table 6. Cybersecurity risk dimensions of power systems.
DimensionCritical Influencing FactorsDescription
Cybersecurity Risk
Dimensions of
Power Systems		Train operation
disruptions and delays [44]		Train stoppages en route result in passengers being stranded, which is especially hazardous in tunnels or remote sections.
Increased passenger
Safety risks [45]		Prolonged power outages may cause overheating and oxygen depletion inside the train, which is particularly dangerous during summer.
Malfunctions in signal and communication systems [46]Signal blackouts and track switch failures increase the risk of collisions.
Increased risk of
catastrophic accidents [47]		Some braking systems rely on electrical power. Failures may result in extended stopping distances or complete braking loss.
Table 7. Expert background information of current organization.
Table 7. Expert background information of current organization.
Background TypeRailway Administrative AuthorityRailway Operating
Organization		Information and
Communications Industry
Number of Experts4156
Table 8. Expert background information of position.
Table 8. Expert background information of position.
Background TypeSenior ExecutiveMiddle Management/Technical SupervisorFrontline Manager/
Operations Staff
Number of Experts988
Table 9. Expert background information of area of expertise.
Table 9. Expert background information of area of expertise.
Background TypeCommunication and Information SystemsRailway Dispatch
and Transportation Management		System Integration and Professional ManagementElectromechanical
Engineering
Number of Experts8467
Table 10. Comparison of evaluation criteria weights within the dispatch radio communication system cybersecurity risk dimension *.
Table 10. Comparison of evaluation criteria weights within the dispatch radio communication system cybersecurity risk dimension *.
Risk DimensionEvaluation CriteriaWeightRank
Dispatch Radio
Communication
System Cybersecurity
(0.121)		Inability of dispatchers to issue dispatch instructions (0.403)0.0491
Inability of train crew to communicate with one another (0.203)0.0253
Failure of the emergency reporting system
(0.321)		0.0392
Inability to record calls, resulting
in the loss of critical information
(0.072)		0.0094
* C.I. = 0.00628; C.R. = 0.00697; λmax = 4.01884.
Table 11. Comparison of evaluation criteria weights within the CTC system cybersecurity risk dimension *.
Table 11. Comparison of evaluation criteria weights within the CTC system cybersecurity risk dimension *.
Risk DimensionEvaluation CriteriaWeightRank
CTC System
Cybersecurity
(0.399)		Inability to monitor train occupancy in track sections (0.446)0.1781
Inability of controllers to issue
commands to safety control systems
(0.310)		0.1242
Inability of the dispatching system
to automatically track train numbers
(0.151)		0.0603
Inability to automatically record train arrival,
departure, or passing times at stations
(0.093)		0.0374
* C.I. = 0.00648; C.R. = 0.0072; λmax = 4.01944.
Table 12. Comparison of evaluation criteria weights within the ATP system cybersecurity risk dimension *.
Table 12. Comparison of evaluation criteria weights within the ATP system cybersecurity risk dimension *.
Risk DimensionEvaluation CriteriaWeightRank
ATP System
Cybersecurity
(0.293)		Inability to provide drivers with information on upcoming signals, block status, and train occupancy (0.376)0.1101
Inability to determine the speed limit for following trains based on the position of the preceding train (0.170)0.0503
Inability to transmit speed
restriction information to trains
(0.119)		0.0354
Failure to automatically apply brakes
when the train exceeds the speed limit
(0.335)		0.0982
* C.I. = 0.00007; C.R. = 0.00007; λmax = 4.00021.
Table 13. Comparison of evaluation criteria weights within the power system cybersecurity risk dimension *.
Table 13. Comparison of evaluation criteria weights within the power system cybersecurity risk dimension *.
Risk DimensionEvaluation CriteriaWeightRank
Power System
Cybersecurity
(0.186)		Train operation disruptions and delays
(0.077)		0.0144
Increased passenger safety risks
(0.204)		0.0383
Malfunctions in signal and communication system (0.288)0.0542
Increased risk of catastrophic accidents
(0.431)		0.0801
* C.I. = 0.00054; C.R. = 0.0006; λmax = 4.00162.
Table 14. Comparison of evaluation criteria weights across cybersecurity risk dimensions of railway CI.
Table 14. Comparison of evaluation criteria weights across cybersecurity risk dimensions of railway CI.
RankDescriptionWeightCumulative Value
1Inability to monitor train occupancy in track sections (locations)0.1780.178
2Inability of controllers to issue commands to safety control systems0.1240.302
3Inability to provide drivers with information on upcoming signals, block status, and train occupancy0.110.412
4Failure to automatically apply brakes when the train exceeds the speed limit0.0980.51
5Increased risk of catastrophic accidents due to power system cybersecurity issues0.080.59
6Inability of the dispatching system to automatically track train numbers0.060.65
7Malfunctions in signal and communication systems0.0540.704
8Inability to determine the speed limit for following trains based on the position of the preceding train0.050.754
9Inability of dispatchers to issue dispatch instructions0.0490.803
10Failure of the emergency reporting system0.0390.842
11Increased passenger safety risks due to power system cybersecurity issues0.0380.88
12Inability to automatically record train arrival, departure, or passing times at stations0.0370.917
13Inability to transmit speed restriction information to trains0.0350.952
14Inability of train crew to communicate with one another0.0250.977
15Train operation disruptions and delays0.0140.991
16Inability to record calls, resulting in the loss of critical information 0.0091
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Hsiao, L.-S.; Lin, I.-L.; Huang, C.-J.; Liu, H.-T. Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd. Systems 2025, 13, 861. https://doi.org/10.3390/systems13100861

AMA Style

Hsiao L-S, Lin I-L, Huang C-J, Liu H-T. Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd. Systems. 2025; 13(10):861. https://doi.org/10.3390/systems13100861

Chicago/Turabian Style

Hsiao, Liang-Sheng, I-Long Lin, Chi-Jan Huang, and Hsiang-Te Liu. 2025. "Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd." Systems 13, no. 10: 861. https://doi.org/10.3390/systems13100861

APA Style

Hsiao, L.-S., Lin, I.-L., Huang, C.-J., & Liu, H.-T. (2025). Analysis of Factors Influencing Cybersecurity in Railway Critical Infrastructure: A Case Study of Taiwan Railway Corporation, Ltd. Systems, 13(10), 861. https://doi.org/10.3390/systems13100861

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop