5 mitigations to protect against increasingly disruptive railway cyber attacks

Jun 30, 2021

In 2015 in Hanover, Germany, a railway system experienced almost 3 million attacks in six weeks. Attackers would return over and over again, rigorously studying the system and improving their methods with each attempt. In roughly a tenth of these attacks, intruders were able to gain a measure of control within the system. Fortunately, this railway system was a simulation put online as a honeypot – a kind of bait system that waits for hackers to attack so that their methods can be studied, which was set up at the 2015 CeBIT Hanover Fair.


This experiment foreshadowed 2020’s increases in the sophistication and frequency of railway-focused cyber attacks:

Cyber attacks such as these can be significantly weakened or completely stopped with modernized defenses and training. Our security researchers can recommend five defensive measures to mitigate cyber attacks, protecting infrastructure organizations from attackers’ attempts at disrupting and extorting money from essential services.

  1. Network segmentation breaks the network up into easily-defensible zones based on which assets need to communicate with each other, preventing attackers and malware from moving between systems or subsystems.
  2. Virtual patching is a network-based behavior that puts a “shield” around vulnerable assets, requiring no adjustment to the asset itself.
  3. Routine scans of all stand-alone assets to detect and remove malware before it launches.
  4. Lockdown of fixed-use assets like speed gates and ticketing kiosks prevents all non-trust list approved applications from running on the system, allowing
  5. Security awareness education (SAE) for team members, particularly on the dangers of phishing – a simple 30-minute training course sent out to personnel once a year works wonders for preventing attacks before they happen.


Segment your network and apply virtual patching to vulnerable assets with the next-generation firewall, EdgeFire.

Perform routine scans on stand-alone equipment (such as rolling stock) with Trend Micro Portable Security 3, a handheld portable scanning solution.

Lock down fixed-use assets and manage locked down assets with StellarEnforce and manage locked down assets from the centralized StellarOne console.

TXOne image
TXOne Networks

Need assistance?

TXOne’s global teams are here to help!

Find support