Rail operators, urban transit authorities, road transport networks running autonomous and driver-assist software, and inter-city coach fleets all now sit inside the TSA Rail Cyber Directive, EN 50701, UNECE R155, and NIS2 perimeters. Safeguard makes signalling, dispatch, ticketing, and AV / ADAS evidence a live query, not a quarterly binder.
Regulator, safety case, passenger-data, and operational pressures are collapsing into one continuous evidence requirement.
US rail operators now face binding cybersecurity performance requirements with named cyber-incident reporting timelines. Spreadsheet evidence on signalling and dispatch software is no longer enough — continuous attestation is.
Rail, urban transit, road, and coach operators classified as essential entities under NIS2 now answer to ENISA on supply chain risk and incident reporting. The clock is shorter than most internal audits can move.
Rail signalling and dispatch increasingly run on COTS stacks with long-tail OSS underneath. A single unpatched KEV in a signalling SDK is a safety-critical incident, not a vulnerability ticket.
UN R155 and adjacent regimes are pulling autonomous-vehicle and driver-assist software into the same regulator review as safety. Adversarial-input attacks on perception models are now a recall-class event.
Every signalling, dispatch, and interlocking release emits a CycloneDX SBOM with signed provenance. Regulator evidence is a query against a live store, not a binder assembled the week before audit.
Reachability analysis decides which CVEs are actually exposed in a given AV / ADAS build, not which versions match. Combined with KEV and EPSS, recall risk gets a defendable, ranked worklist.
See your single-point-of-failure components across ticketing, contactless, and revenue-share platforms before procurement signs the next operator contract. Concentration risk surfaces component-by-component.
Agentic copilots in dispatch, OCC, and traffic-management control rooms run through a governed MCP layer. Tool calls are scoped, logged, and prompt-injection tested before they touch a safety-critical interlock.
Pre-mapped control narratives and evidence in the formats your auditor, safety case, and regulator already accept.
Rail-DMZ control plane, signalling-CI signing pipeline, per-vendor trust packet for OEMs and integrators, and a regulator-facing evidence export portal for TSA, ENISA, and UNECE oversight.
Control plane sits in the operator's rail-DMZ, between corporate IT and signalling OT. No cross-tenant traffic, no shared key material, no shared dispatch logs.
Every signalling, interlocking, and dispatch CI release passes through a signing pipeline. SBOM, VEX, and model attestation are pinned to the build, not retrofitted at audit.
Per-vendor signed bundle of SBOM, VEX, and provenance flows to the operator's TPRM stack. Concentration risk is visible at the component level, across signalling, ticketing, and AV / ADAS suppliers.
Read-only portal exposes signed evidence to TSA, ENISA, UNECE and national regulators on demand — no email attachments, no last-minute spreadsheets.
Modern signalling, dispatch, and interlocking systems are increasingly COTS underneath. A single unpatched KEV in a signalling SDK is a safety-critical event, not a vulnerability ticket — and the regulator agrees.
Perception models for autonomous and driver-assist stacks are recall-class assets. Adversarial-input attacks on lane keeping, classification, or planning models now require model-attestation evidence, not just unit tests.
Ticketing, contactless, and revenue-share platforms concentrate passenger-data and payment flows. A single shared transitive dependency cascades across operators, agencies, and authorities at once.
OCC, dispatch, and traffic-management control rooms are increasingly Windows-stack with long-tail OSS underneath. One ransomware event can stall an entire urban transit network for a working day.
Numbers from production deployments. Same regulator, same vendor stack, dramatically less binder.
| Metric | Before Safeguard | With Safeguard |
|---|---|---|
| TSA audit prep | 8 weeks | 1 day |
| Signalling patch cycle | 30 days | 5 days |
| AV model-attestation prep | 3 weeks | 1 hour |
| Tool consolidation | 8 vendors | 1 |
| Ticketing-vendor concentration mapping | Manual | Automated |
| Alert noise | ~80% | ~5% |
| Passenger-data residency audit | Reactive | Continuous |
Talk to the team about TSA Rail evidence pipelines, AV / ADAS model attestation, and a deployment shape that lives inside your operator's rail-DMZ.