The Secure Train

A holistic architecture for rolling stock cybersecurity.

Moving beyond isolated controls to a fully monitored, zoned and resilient onboard environment — designed with the rail industry, achievable today.

Unified visibility Enforced zoning Secure maintenance
Talk to an Expert Explore the Architecture
Modern red train representing the Secure Train architecture
Ready today With Westermo and EKE-Electronics
In collaboration with
The Vision

Secure the train as a connected system — not a set of isolated devices.

Modern rolling stock is a complex, connected ecosystem. As connectivity increases, so does the attack surface. The Secure Train is a unified cybersecurity architecture that provides deep visibility and control across the entire vehicle.

Developed in collaboration with industry leaders Westermo and EKE-Electronics, this architecture is achievable today and designed to meet the rigorous demands of rail operators and asset owners. Deeper assurance work — including penetration testing and SBOM analysis — is supported alongside the architecture to provide full-lifecycle coverage.

Secure Train Reference Architecture · click to expand
Modular by Design

A flexible approach to onboard cyber security

Achieve comprehensive visibility with your existing infrastructure — or layer in dedicated hardware for maximum enforcement. The Secure Train meets you where you are.

01 — Software-Led

Visibility Without the Footprint

In many cases, you can significantly enhance your security posture without adding a single piece of new hardware.

  • Switch-Based Monitoring Deploy rail-specific intrusion detection on your existing Westermo onboard network infrastructure to monitor traffic and detect anomalies.
  • Deep Network Visibility Extend visibility beyond the main gateways into internal onboard networks to detect unexpected activity or configuration change.
02 — Hardware-Enforced

Enhanced Control

For fleets requiring the highest level of protection and auditability, we integrate dedicated gateways that physically enforce security zones.

  • Digital Maintenance Gateway Ensure all maintenance staff have unique credentials, activities are audited, and software updates are secure.
  • Security Gateway Enforced network zoning to protect critical systems from less secure passenger and comfort networks.
  • MVB Intrusion Detection Utilise the EKE-Trainnet® MVB monitoring unit to strengthen visibility across the onboard systems that support key operational functions.
The Stack

Purpose-built components for rolling stock

RazorSecure capabilities, Westermo networking, and EKE-Trainnet® MVB — combined into a single, coherent technology stack.

Digital Maintenance Gateway

Digital Maintenance Gateway

Unique credentials, audited activity and secure software updates - replacing obsolete maintenance laptops.

EKE-Trainnet MVB Monitoring Module

MVB Monitoring

EKE-Trainnet® monitoring combined with RazorSecure intrusion detection for deep visibility across the MVB.

Westermo Viper rugged onboard rail switch

Whole-Train Visibility

Switch-based monitoring on the Westermo Viper series - one architecture covering CAN, MVB, TCMS, comfort and passenger networks.

Core Pillars

Four capabilities that define the Secure Train

01

Monitored Traffic

Full visibility including MVB and CAN networks, not just the main gateways.

02

Enforced Zoning

Prevents lateral movement of threats between onboard systems and networks.

03

Secure Maintenance

Replaces obsolete maintenance laptops with a secure, audited process.

04

Configuration Control

Detects unauthorised changes to the train's baseline configuration.

Secure Train is not just about monitoring what happens onboard. It gives operators a practical way to manage the key cyber risks around software updates, maintenance access, perimeter security and visibility across the train as a connected environment.

Alex Cowan  ·  CEO, RazorSecure

Ready to secure your fleet?

The Secure Train doesn't need to break the bank. Whether you are a train builder designing-in security from day one, or an operator needing broader visibility across an existing fleet, our modular approach fits your requirements.

Download the Architecture Overview Contact a Rail Security Expert
RS Full Colour - Light

Why RazorSecure?

Solutions

Products

Security Gateway

Delta

Digital Maintenance Gateway

Echo

 

Company

About Us

Meet The Team

In The Press

Sustainability

Diversity & Inclusion

Careers

 

linkedin
youtube
RS Full Colour - Light
youtube
linkedin

Why RazorSecure?

Solutions

Products

Security Gateway

Delta

Digital Maintenance Gateway

Echo

Company

About Us

Meet The Team

In The Press

Sustainability

Diversity & Inclusion

Careers

 

© 2024 RazorSecure Limited. All Rights Reserved

Privacy Policy | Responsible Disclosure Policy

Privacy Policy | Responsible Disclosure Policy