Search Results (14)

The importance of safety culture in high-risk sectors such as railway transport has gained increasing prominence, particularly within the evolving European regulatory landscape. Commission Delegated Regulation (EU) 2018/762 requires railway organisations to establish strategies for the continuous improvement of safety culture, emphasizing both behavioural and systemic dimensions of safety. This paper presents a structured literature review and proposes a conceptual model of performance indicators designed to support the implementation of these strategies in railway enterprises. Drawing on established continuous improvement methodologies—Kaizen, Six Sigma, and the DMAIC (Define–Measure–Analyse–Improve–Control) framework—the model aligns with Safety Management System (SMS) and Maintenance Management System (MMS) processes. The proposed indicators encompass domains such as risk assessment, change management, employee competence, incident reporting, and system monitoring. The model aims to transform railway organisations into learning systems capable of proactively adapting to emerging risks, including those related to cybersecurity as addressed by the NIS2 Directive. Through a structured literature review and conceptual synthesis, this study provides a theoretical foundation for the integration of continuous improvement and sustainability in safety management. The findings offer practical guidance for policymakers and railway operators seeking to strengthen data-driven, resilient, and sustainable transport safety governance in the European context. Full article

This study introduces a sensor-centric cybersecurity framework for railway infrastructure that extends Failure Mode and Effects Analysis (FMEA) from traditional reliability evaluation into the domain of cyber-induced failures affecting data integrity, availability and authenticity. The contribution lies in bridging regulatory obligations of the NIS2 Directive with field-layer monitoring by enabling risk indicators to evolve dynamically rather than remain static documentation artefacts. The approach is demonstrated using a scenario-based dataset collected from approximately 250 trackside, rolling-stock, environmental and power-monitoring sensors deployed over a 25 km operational segment, with representative anomalies generated through controlled spoofing, replay and injection conditions. Risk was evaluated using RPN scores derived from Severity–Occurrence–Detectability scales, while anomaly-detection performance was observed through detection-latency variation, changes in RPN distribution, and qualitative responsiveness of timestamp-based alerts. Instead of presenting a fixed benchmark, the results show how evidence from real sensor streams can recalibrate O and D factors in near-real-time and reduce undetected exposure windows, enabling measurable compliance documentation aligned with NIS2 Article 21. The findings confirm that coupling FMEA with streaming telemetry creates a verifiable risk-evaluation loop and supports a transition toward continuous, evidence-driven cybersecurity governance in railway systems. Full article

The present study investigated factors influencing cybersecurity in railway critical infrastructure by identifying relevant factors and criteria and then prioritizing them in order of importance. To address the lack of multi-criteria analysis in previous studies on this topic, the present study applied the analytical hierarchy process to identify factors and criteria influencing cybersecurity and then selected the top 70% of influencing criteria to serve as a reference for railway cybersecurity project management. A total of 25 valid expert questionnaires were collected for weight vector analysis, revealing that the influencing criteria in the top 70% were inability to monitor train occupancy in track sections (locations); inability of controllers to issue commands to safety control systems; inability to provide drivers with information on upcoming signals, block status, and train occupancy; failure to automatically apply brakes when the train exceeds the speed limit; increased risk of catastrophic accidents due to power system security vulnerabilities; and inability of the dispatching system to automatically track train numbers. Full article

The digital transformation of the railway industry is necessary for addressing growing challenges and advancing its sustainable development. Digital technologies include Automatic Train Operation (ATO) and Remote Train Control (RTC), which offer opportunities to potentially optimize operations and enhance safety. Both technologies, however, could pose significant challenges that need to be addressed in order to capture the anticipated benefits in an urban public street environment. This study thus bridges the gap between theory and practice by exploring the projected benefits and challenges of implementing RTC and ATO through a case study of a European public transport operator deploying these technologies in tramway operations. Employing a case study methodology, the research draws on 44 semi-structured interviews with stakeholders from the operator and its supplier. The findings highlight significant anticipated benefits, including increased productivity, improved safety, and enhanced sustainability. Yet, prospective challenges such as regulatory hurdles, technical complexities, and organizational changes pose barriers to implementation. Key obstacles include ensuring robust connectivity, addressing cybersecurity concerns, and managing workforce transitions. This study underscores the importance of collaborative approaches, stakeholder engagement, and incremental deployment to mitigate risks and maximize the impact of automation technologies. By providing actionable insights into the practical adoption of RTC and ATO, this research supports the development of advanced urban transport systems. Full article

With the widespread adoption of wireless communication technologies in modern high-speed rail systems, the Train-to-Ground (T2G) communication system for Electric/Diesel Multiple Units (EMU/DMU) has become essential for train operation monitoring and fault diagnosis. However, this system is increasingly vulnerable to various cyber-physical threats, necessitating more intelligent and adaptive security protection mechanisms. This paper presents an intelligent security defense framework that integrates intrusion detection, risk scoring, and response mechanisms to enhance the security and responsiveness of the T2G communication system. First, feature selection is performed on the TON_IoT dataset to develop a Dream Optimization Algorithm (DOA)-optimized backpropagation neural network (DOA-BPNN) model for efficient anomaly detection. A Bayesian risk scoring module then quantifies detection outcomes and classifies risk levels, improving threat detection accuracy. Finally, a Q-learning-based reinforcement learning (RL) module dynamically selects optimal defense actions based on identified risk levels and attack patterns to mitigate system threats. Experimental results demonstrate improved performance in both multi-class and binary classification tasks compared to conventional methods. The implementation of the Bayesian risk scoring and decision-making modules leads to a 63.56% reduction in system risk scores, confirming the effectiveness and robustness of the proposed approach in an experimental environment. Full article

In today’s world, everything changes at lightning speed, making what is relevant today potentially obsolete tomorrow. This author’s scientific article addresses the issues of energy resilience and cybersecurity in railway signaling. A new proposal based on artificial intelligence is made to improve the fault tolerance of rail transport signaling infrastructure by ensuring increased energy efficiency and detecting cyber-attacks in real time. A linearly coupled neural network model was designed and implemented in a railway signaling simulation to simultaneously track the energy characteristics of signaling and detect abnormal behavior. The authors’ model was validated based on MATLAB(24.2.0.2863752 (R2024b) Update 5) simulations of a real double-track railway line under normal operating conditions and in a ransomware cyber-attack scenario. The AI simulation model correctly predicted the resilience of the signaling system, achieving an average absolute error of 0.0331 in predicting the fundamental performance indicator, and successfully identified an upcoming cyber-attack 20 min before the incident. This study demonstrates the promising architecture of the AI-based signaling system, which provides a significant increase in resilience to emergency situations in relation to power supply and cyber-attacks. By optimizing the signaling infrastructure with AI, it is possible to ensure safe and continuous movement of trains, including emergency situations, representing a promising approach to improving the resilience and safety of railways. Full article

The growing prevalence of cybersecurity threats is a significant concern for railway systems, which rely on an extensive network of onboard and trackside sensors. These threats have the potential to compromise the safety of railway operations and the integrity of the railway infrastructure itself. This paper aims to examine the current cybersecurity measures in use, identify the key vulnerabilities that they address, and propose solutions for enhancing the security of railway infrastructures. The report evaluates the effectiveness of existing security protocols by reviewing current standards, including IEC62443 and NIST, as well as case histories of recent rail cyberattacks. Significant gaps have been identified, especially where modern and legacy systems need to be integrated. Weaknesses in communication protocols such as MVB, CAN and TCP/IP are identified. To address these challenges, the paper proposes a layered security framework specific to railways that incorporate continuous monitoring, risk-based cybersecurity modeling, AI-assisted threat detection, and stronger authentication methodologies. The aim of these recommendations is to improve the resilience of railway networks and ensure a safer, more secure infrastructure for future operations. Full article

Transportation has an essential place in societies and importance to people in terms of its social and economic aspects. Innovative rail systems need to be integrated with developing technologies for transportation. Systemic failures, personnel errors, sabotage, and cyber-attacks in the techniques used will cause a damaged corporate reputation and revenue losses. In this study, cybersecurity attack methods in smart rail systems were determined, and cyber events occurring worldwide through these technologies were analyzed. Risk analysis in terms of transportation safety in smart rail systems was determined by considering the opinions of 10 different experts along with the Analytic Hierarchical Process (AHP) performance criteria. Informatics experts were selected from a group of people with at least 5–15 years of experience. According to these risk analysis calculations, cybersecurity stood out as the most critical security risk at 27.74%. Other risky areas included physical security, calculated at 14.59%, operator errors at 16.20%, and environmental security at 10.93%. Full article

The current mobility situation is constantly changing as people are increasingly moving to urban areas. Therefore, a flexible mode of transport with high-capacity passenger trains and a high degree of modularity in the trains’ composition is necessary. Virtual coupling (VC) is a promising solution to this problem because it significantly increases the capacity of a line and provides a more flexible mode of operation than conventional signaling systems. This novel review, in which approximately 200 papers were analyzed, identifies the main topics of current railway-related VC research, and represents the first step toward the implementation of VC in future railways. It was found that industry research has mainly focused on the feasibility of VC implementation and operation, whereas in academia, which is coordinated with industry, research has focused on control and communication systems. From a technological perspective, the main challenges for VC were identified with regard to aspects such as safety, control technology, interlocking, vehicle-to-vehicle communication, cooperative train protection and control, and integrated traffic management. The important directions for future research that have been identified for future development include complete dynamic models, real-time controllers, reliable and secure communication, different communication topologies, cybersecurity, intelligent control, reinforcement learning, and Big Data analytics. Full article

Intelligent transportation systems will play a key role in the smart cities of the future. In particular, railway transportation is gaining attention as a promising solution to cope with the mobility challenges in large urban areas. Thanks to the miniaturisation of sensors and the deployment of fast data networks, the railway industry is being augmented with contextual, real-time information that opens the door to novel and personalised services. Despite the benefits of this digitalisation, the high complexity of railway transportation entails a number of challenges, particularly from security and privacy perspectives. Since railway assets are attractive targets for terrorism, coping with strong security and privacy requirements such as cryptography and privacy-preserving methods is of utmost importance. This article provides a thorough systematic literature review on information security and privacy within railway transportation systems, following the well-known methodology proposed by vom Brocke et al. We sketch out the most relevant studies and outline the main focuses, challenges and solutions described in the literature, considering technical, societal, regulatory and ethical approaches. Additionally, we discuss the remaining open issues and suggest several research lines that will gain relevance in the years to come. Full article

Background: Industry 4.0 technologies have been widely used in the railway industry, focusing mainly on maintenance and control tasks necessary in the railway infrastructure. Given the great potential that these technologies offer, the scientific community has come to use them in varied ways to solve a wide range of problems such as train failures, train station security, rail system control and communication in hard-to-reach areas, among others. For this reason, this paper aims to answer the following research questions: what are the main issues in the railway transport industry, what are the technologic strategies that are currently being used to solve these issues and what are the technologies from industry 4.0 that are used in the railway transport industry to solve the aforementioned issues? Methods: This study adopts a systematic literature review approach. We searched the Science Direct and Web of Science database inception from January 2017 to November 2021. Studies published in conferences or journals written in English or Spanish were included for initial process evaluation. The initial included papers were analyzed by authors and selected based on whether they helped answer the proposed research questions or not. Results: Of the recovered 515 articles, 109 were eligible, from which we could identify three main application domains in the railway industry: monitoring, decision and planification techniques, and communication and security. Regarding industry 4.0 technologies, we identified 9 different technologies applied in reviewed studies: Artificial Intelligence (AI), Internet of Things (IoT), Cloud Computing, Big Data, Cybersecurity, Modelling and Simulation, Smart Decision Support Systems (SDSS), Computer Vision and Virtual Reality (VR). This study is, to our knowledge, one of the first to show how industry 4.0 technologies are currently being used to tackle railway industry problems and current application trends in the scientific community, which is highly useful for the development of future studies and more advanced solutions. Funding: Colombian national organizations Minciencias and the Mining-Energy Planning Unit. Full article

The railway is a complex technical system of systems in a multi-stakeholder environment. The implementation of digital technologies is essential for achieving operational excellence and addressing stakeholders’ needs and requirements in relation to the railways. Digitalization is highly dependent on an appropriate digital infrastructure provided through proper information logistics, whereas cybersecurity is critical for the overall security and safety of the railway systems. However, it is important to understand the various issues and challenges presented by governance, business, and technical requirements. Hence, this paper is the first link in the chain to explore, understand, and address such requirements. The purpose of this paper is to identify aspects of distributed ledgers and to provide a taxonomy of issues and challenges to develop a secure and resilient data sharing framework for railway stakeholders. Full article

Recent times have demonstrated how much the modern critical infrastructures (e.g., energy, essential services, people and goods transportation) depend from the global communication networks. However, in the current Cyber-Physical World convergence, sophisticated attacks to the cyber layer can provoke severe damages to both physical structures and the operations of infrastructure affecting not only its functionality and safety, but also triggering cascade effects in other systems because of the tight interdependence of the systems that characterises the modern society. Hence, critical infrastructure must integrate the current cyber-security approach based on risk avoidance with a broader perspective provided by the emerging cyber-resilience paradigm. Cyber resilience is aimed as a way absorb the consequences of these attacks and to recover the functionality quickly and safely through adaptation. Several high-level frameworks and conceptualisations have been proposed but a formal definition capable of translating cyber resilience into an operational tool for decision makers considering all aspects of such a multifaceted concept is still missing. To this end, the present paper aims at providing an operational formalisation for cyber resilience starting from the Cyber Resilience Ontology presented in a previous work using model-driven principles. A domain model is defined to cope with the different aspects and “resilience-assurance” processes that it can be valid in various application domains. In this respect, an application case based on critical transportation communications systems, namely the railway communication system, is provided to prove the feasibility of the proposed approach and to identify future improvements. Full article

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol’s resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites. Full article