OT Cyber Security in Rail: Protecting Signalling, Control Systems and Rolling Stock

Rail cyber security has moved from a theoretical risk to a documented threat. Signalling systems, train control software, and passenger information systems are all targeted by threat actors. This guide addresses the specific OT security requirements for rail organisations under NIS2 and ORR oversight.

Published May 2026·Rail & Railways·Rail Cyber Security OT Security NIS2 Signalling

Why Rail OT Cyber Security Has Unique Characteristics

Rail operational technology — signalling systems, train management systems, level crossing controllers, passenger information systems, and rolling stock software — has safety-critical characteristics that create cyber security requirements that go beyond standard IT or even industrial OT security. A compromised signalling system is not just a business continuity risk — it is a safety risk. This safety dimension imposes additional requirements on change management, testing, and recovery that do not apply in most other OT environments.

NIS2 classifies rail as an essential entity sector, imposing the Directive's most demanding security requirements on train operating companies, infrastructure managers, and rolling stock operators above the Directive's size thresholds. The ORR has signalled growing attention to cyber security as a component of its safety and operational oversight of UK rail operators.

Access the complete guide

All 13 pages — practical implementation guidance, checklists and templates. Free, instant access.

No spam. No sales calls. AjaCertX will email you a copy for reference.

Guide unlocked ✓

A copy has been sent to your email for reference.

Building your rail OT cyber security programme?

OT security specialists with rail sector expertise. Assessment within 48 hours.

Get a Proposal →WhatsApp

About AjaCertX

AjaCertX is a specialist compliance, certification and assurance partner serving rail operators and infrastructure organisations. Our Cyber and Digital Security practice delivers OT security assessments, NIS2 compliance, and IRIS/ISO 22163 quality management implementation.