Safeguard
Solution · Transport

Transport. Software supply chain security for rail, transit, road, and coach.

Rail operators, urban transit authorities, road transport networks running autonomous and driver-assist software, and inter-city coach fleets all now sit inside the TSA Rail Cyber Directive, EN 50701, UNECE R155, and NIS2 perimeters. Safeguard makes signalling, dispatch, ticketing, and AV / ADAS evidence a live query, not a quarterly binder.

TSA Rail
Aligned
EN 50701
Mapped
UNECE R155
Road
0
Customer Code In Training
Industry pressures

Four forces converging on transport software.

Regulator, safety case, passenger-data, and operational pressures are collapsing into one continuous evidence requirement.

TSA Rail Cyber Directive

US rail operators now face binding cybersecurity performance requirements with named cyber-incident reporting timelines. Spreadsheet evidence on signalling and dispatch software is no longer enough — continuous attestation is.

EU NIS2 transport

Rail, urban transit, road, and coach operators classified as essential entities under NIS2 now answer to ENISA on supply chain risk and incident reporting. The clock is shorter than most internal audits can move.

Signalling-system cyber

Rail signalling and dispatch increasingly run on COTS stacks with long-tail OSS underneath. A single unpatched KEV in a signalling SDK is a safety-critical incident, not a vulnerability ticket.

AV / ADAS safety + cyber convergence

UN R155 and adjacent regimes are pulling autonomous-vehicle and driver-assist software into the same regulator review as safety. Adversarial-input attacks on perception models are now a recall-class event.

How Safeguard fits

Capability mapped to transport regulator expectation.

Signalling-system signed SBOM

Every signalling, dispatch, and interlocking release emits a CycloneDX SBOM with signed provenance. Regulator evidence is a query against a live store, not a binder assembled the week before audit.

AV / ADAS reachability-aware patching

Reachability analysis decides which CVEs are actually exposed in a given AV / ADAS build, not which versions match. Combined with KEV and EPSS, recall risk gets a defendable, ranked worklist.

Ticketing-platform vendor concentration

See your single-point-of-failure components across ticketing, contactless, and revenue-share platforms before procurement signs the next operator contract. Concentration risk surfaces component-by-component.

Control-room MCP-server governance

Agentic copilots in dispatch, OCC, and traffic-management control rooms run through a governed MCP layer. Tool calls are scoped, logged, and prompt-injection tested before they touch a safety-critical interlock.

Compliance alignment

Frameworks the platform is mapped to.

Pre-mapped control narratives and evidence in the formats your auditor, safety case, and regulator already accept.

TSA Rail Cyber Directive
EN 50701
UNECE R155
NIS2
ISO/IEC 27001:2022
IEC 62443
Sector cyber rules
Sectoral national rules
Reference architecture

A typical deployment in a rail or transit operator.

Rail-DMZ control plane, signalling-CI signing pipeline, per-vendor trust packet for OEMs and integrators, and a regulator-facing evidence export portal for TSA, ENISA, and UNECE oversight.

Step 01

Rail-DMZ control plane

Control plane sits in the operator's rail-DMZ, between corporate IT and signalling OT. No cross-tenant traffic, no shared key material, no shared dispatch logs.

Step 02

Signalling-CI signing pipeline

Every signalling, interlocking, and dispatch CI release passes through a signing pipeline. SBOM, VEX, and model attestation are pinned to the build, not retrofitted at audit.

Step 03

Vendor trust packet

Per-vendor signed bundle of SBOM, VEX, and provenance flows to the operator's TPRM stack. Concentration risk is visible at the component level, across signalling, ticketing, and AV / ADAS suppliers.

Step 04

Regulator evidence export

Read-only portal exposes signed evidence to TSA, ENISA, UNECE and national regulators on demand — no email attachments, no last-minute spreadsheets.

Where the risk lives today

Four risk surfaces your safety case already worries about.

Signalling-system compromise (rail)

Modern signalling, dispatch, and interlocking systems are increasingly COTS underneath. A single unpatched KEV in a signalling SDK is a safety-critical event, not a vulnerability ticket — and the regulator agrees.

AV / ADAS adversarial-input attacks (road)

Perception models for autonomous and driver-assist stacks are recall-class assets. Adversarial-input attacks on lane keeping, classification, or planning models now require model-attestation evidence, not just unit tests.

Ticketing-platform breach

Ticketing, contactless, and revenue-share platforms concentrate passenger-data and payment flows. A single shared transitive dependency cascades across operators, agencies, and authorities at once.

Control-room ransomware

OCC, dispatch, and traffic-management control rooms are increasingly Windows-stack with long-tail OSS underneath. One ransomware event can stall an entire urban transit network for a working day.

Current threat landscape

What is actually hitting transport this year.

Quantified benefits

Quantified benefits for transport operators.

Numbers from production deployments. Same regulator, same vendor stack, dramatically less binder.

MetricBefore SafeguardWith Safeguard
TSA audit prep8 weeks1 day
Signalling patch cycle30 days5 days
AV model-attestation prep3 weeks1 hour
Tool consolidation8 vendors1
Ticketing-vendor concentration mappingManualAutomated
Alert noise~80%~5%
Passenger-data residency auditReactiveContinuous

Evidence at the speed of your safety case.

Talk to the team about TSA Rail evidence pipelines, AV / ADAS model attestation, and a deployment shape that lives inside your operator's rail-DMZ.