Railway signaling has undergone a rapid digital transformation over the past two decades, evolving from electromechanical relays and isolated circuits to integrated cyber-physical systems with wireless communications, cloud interfaces, and software-defined logic. While this transition has enhanced safety, efficiency, and interoperability, it has also greatly expanded the cyberattack surface. Unlike conventional IT networks, signaling is directly tied to human safety: a successful compromise of interlockings, radio protocols, or automatic train protection (ATP) can trigger not only economic disruption but also catastrophic accidents. This paper presents a systematic review of cybersecurity challenges in modern railway signaling, organized around four pillars: threat taxonomy and case evidence, standards and frameworks for safety–security integration, emerging technologies and their vulnerabilities, and future directions including post-quantum cryptography and zero-trust architectures. We analyze notable incidents from Europe, Asia, and the Middle East-including the WannaCry disruption of Deutsche Bahn, the Iranian rail cyberattack, and the Polish “radio stop” spoofing-and map them to vulnerabilities in signaling protocols and supply chains. The review synthesizes guidance from railway-specific standards such as EN 50159, CENELEC TS 50701, and EN 50126/28/29 alongside cross-sectoral frameworks like IEC 62443 and the NIST Cybersecurity Framework. Special focus is given to the transition from GSM-R to the Future Railway Mobile Communication System (FRMCS), which introduces 5G-based broadband services, new cryptographic requirements, and coexistence challenges, and to India’s Kavach ATP program as a case study of cybersecurity integration in large-scale deployments. The study concludes that effective railway cybersecurity demands joint safety–security engineering, global cooperation on threat intelligence, and proactive adoption of crypto-agility to prepare for post-quantum risks.
Khosla et al. (Mon,) studied this question.