Digital technologies and cybersecurity of transport infrastructure: challenges for rail transport

Rafał Zgorzelski; Jakub Murawski; Norbert Chamier-Gliszczyński

doi:10.61089/aot2025.yfgz9c91

Authors

Rafał Zgorzelski Faculty of Transport, Warsaw University of Technology, Warsaw, Poland Author https://orcid.org/0009-0000-7719-3662
Jakub Murawski Faculty of Transport, Warsaw University of Technology, Warsaw, Poland Author https://orcid.org/0000-0003-2902-3882
Norbert Chamier-Gliszczyński Faculty of Economics Sciences, Koszalin University of Technology, Koszalin, Poland Author https://orcid.org/0000-0001-7919-0158

DOI:

https://doi.org/10.61089/aot2025.yfgz9c91

Keywords:

Cybersecurity, cyber threats, critical infrastructure, ICT systems, cybersecurity management

Abstract

The paper examines the growing importance of cybersecurity in rail transport within the broader framework of critical infrastructure protection. The ongoing digital transformation across all sectors of the economy increasingly affects the functioning of the railway system, which constitutes a strategic component of the national transport network. The adoption of information and communication technologies, as well as industrial automation, has facilitated the deployment of advanced solutions, such as intelligent traffic management systems and predictive maintenance tools, for railway infrastructure. These technologies have significantly enhanced the efficiency, safety, and reliability of transport operations; however, they have also introduced new and complex cybersecurity challenges. The progressive integration of information technology and operational technology systems increases the vulnerability of transport infrastructure to cyber threats that may result in service disruptions, data integrity breaches, or the reduced availability of critical functions. The article underscores the necessity of developing and maintaining an effective cybersecurity management framework in the transport sector, incorporating incident response mechanisms, threat intelligence sharing, and the adoption of standardized procedures and best practices aimed at safeguarding digital assets. Particular attention is devoted to the role of AI as a key driver of digital transformation in the transport sector. Although AI-based technologies enhance operational efficiency and enable greater process automation, their deployment simultaneously introduces a new set of challenges. These challenges primarily relate to data quality and security, system interoperability, and ensuring the transparency and reliability of algorithms used within critical transport infrastructure. The authors emphasize that effective cybersecurity management requires a holistic and integrated approach that combines technical, organizational, legal, and human capital dimensions. Equally important is fostering close cooperation among infrastructure managers, transport authorities, and carriers to ensure a coordinated and resilient cybersecurity framework across the entire transport ecosystem.

References

1. Bańka, M., Daniłowski, J., Czerliński, M., Murawski, J., Żochowska, R., & Sobota, A. (2022). A Feedback Analysis Automation Using Business Intelligence Technology in Companies Organizing Urban Public Transport. Sustainability, 14(18), 11740. https://doi.org/10.3390/su141811740

2. Cyberbezpieczeństwo na kolei - Rekomendacje Prezesa UTK. Urząd Transportu Kolejowego. Retrieved August 17, 2025, from https://utk.gov.pl/pl/aktualnosci/19920,Cyberbezpieczenstwo-na-kolei-rekomendacje-Prezesa-UTK.html

3. Davari, N., Veloso, B., Costa, G. D. A., Pereira, P. M., Ribeiro, R. P., & Gama, J. (2021). A Survey on Data-Driven Predictive Maintenance for the Railway Industry. Sensors, 21(17), 5739. https://doi.org/10.3390/s21175739

4. Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on Measures for a High Common Level of Cybersecurity across the Union, Amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and Repealing Directive (EU) 2016/1148 (NIS 2 Directive) (Text with EEA Relevance), EP, CONSIL, 333 OJ L (2022). http://data.europa.eu/eli/dir/2022/2555/oj

5. Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the Resilience of Critical Entities and Repealing Council Directive 2008/114/EC (Text with EEA Relevance), EP, CONSIL, 333 OJ L (2022). http://data.europa.eu/eli/dir/2022/2557/oj

6. FBI Releases Annual Internet Crime Report. Federal Bureau of Investigation. Retrieved August 18, 2025, from https://www.fbi.gov/news/press-releases/fbi-releases-annual-internet-crime-report

7. Foresight Cybersecurity Threats For 2030 – Upadate. Executive Summary. (2024). European Union Agency for Cybersecurity. https://www.enisa.europa.eu/publications/foresight-cybersecurity-threats-for-2030-update-2024

8. Górka, M. (2018). Cyberbezpieczeństwo jako wyzwanie dla współczesnego państwa i społeczeństwa. In T. Dębowski (Ed.), Cyberbezpieczeństwo wyzwaniem XXI wieku. Wydawnictwo Naukowe ArchaeGraph.

9. Ibadah, N., Benavente-Peces, C., & Pahl, M.-O. (2024). Securing the Future of Railway Systems: A Comprehensive Cybersecurity Strategy for Critical On-Board and Track-Side Infrastructure. Sensors, 24(24), 8218. https://doi.org/10.3390/s24248218

10. Informe de ciberinteligencia industrial del tercer trimestre. ZIUR. Retrieved August 8, 2025, from https://www.ziur.eus/eu/-/informe-trimestral-de-tendencias-sobre-ciberinteligencia-industrial

11. Kołodziejczyk, R. (2020). Bezpieczeństwo Rzeczypospolitej Polskiej w cyberprzestrzeni, w: Bezpieczeństwo w cyberprzestrzeni. In M. Molendowska & R. Miernik (Eds.), Bezpieczeństwo w cyberprzestrzeni: Wybrane zagadnienia (pp. 188–201). Wydawnictwo Adam Marszałek.

12. Kono, K., & Colatin, S. de T. (2023). National Approaches to the Supply Chain Cybersecurity: Taking a More Restrictive Stance Against High-Risk Vendors. https://ccdcoe.org/library/publications/national-approaches-to-the-supply-chain-cybersecurity-taking-a-more-restrictive-stance-against-high-risk-vendors/

13. Krześniak, M., Jacyna, M., Pryciński, P., Murawski, J., & Bańka, M. (2022). Business Environment Of Rail Transport In The Context Of The Value Chain. Scientific Journal of Silesian University of Technology. Series Transport, 116, 179–195. https://doi.org/10.20858/sjsutst.2022.116.11

14. Lella, I., Theocharidou, M., Magonara, E., Malatras, A., Svetozarov Naydenov, R., Ciobanu, C., & Chatzichristos, G. (Eds.). (2024). ENISA Threat Landscape 2024 July 2023 to June 2024. European Union Agency for Cybersecurity. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024

15. Liveri, D., Theocharidou, M., & Naydenov, R. (2020). Railway cybersecurity. Security measures in the Railway Transport Sector. European Union Agency for Cybersecurity. https://www.enisa.europa.eu/publications/railway-cybersecurity

16. Łukasiewicz, J., & Szlachter, D. (2025). Prawne i techniczne metody ochrony obiektów infrastruktury krytycznej przed zagrożeniami ze strony bezzałogowych statków powietrznych – przykład Polski. Terroryzm, 167. https://doi.org/10.4467/27204383TER.25.006.21509

17. Maciejewski, R. (2019). Ochrona infrastruktury krytycznej – narracje prawne i politologiczne. Fnce sp. z o.o.

18. Microsoft Digital Defense Report 2024. (2024). Microsoft. https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2024

19. Milewski, J. (2016). Identyfikacja infrastruktury krytycznej i jej zagrożeń. Zeszyty Naukowe AON, 4(105), 99–115.

20. Mohammed, S., Budach, L., Feuerpfeil, M., Ihde, N., Nathansen, A., Noack, N., Patzlaff, H., Naumann, F., & Harmouch, H. (2025). The effects of data quality on machine learning performance on tabular data. Information Systems, 132, 102549. https://doi.org/10.1016/j.is.2025.102549

21. Molendowska, M., Górski, P., & Zal, P. (2021). Logistyka bezpieczeństwa. Wybrane zagadnienia. Wydawnictwo Adam Marszałek.

22. Murawski, J., Szczepański, E., Jacyna-Gołda, I., Izdebski, M., & Jankowska-Karpa, D. (2022). Intelligent mobility: A model for assessing the safety of childrentraveling to school on a school bus with the use of intelligent bus stops. Eksploatacja i Niezawodność – Maintenance and Reliability, 24(4), 695–706. https://doi.org/10.17531/ein.2022.4.10

23. Papagiannidis, E., Mikalef, P., & Conboy, K. (2025). Responsible artificial intelligence governance: A review and research framework. The Journal of Strategic Information Systems, 34(2), 101885. https://doi.org/10.1016/j.jsis.2024.101885

24. Poliński, J., & Ochociński, K. (2020). Cyfryzacja w transporcie kolejowym. Problemy Kolejnictwa, z. 188. https://doi.org/10.36137/1885P

25. Protecting Critical Supply Chains: A Guide to Securing Your Supply Chain Ecosystem. (2024). The National Counterintelligence and Security Center. https://www.dni.gov/index.php/ncsc-what-we-do/ncsc-supply-chain-threats

26. Qi, J., & Wang, J. (2025). Bridging Artificial Intelligence and Railway Cybersecurity: A Comprehensive Anomaly Detection Review. Transportation Research Record: Journal of the Transportation Research Board, 2679(5), 232–255. https://doi.org/10.1177/03611981241302335

27. Railway Cybersecurity Market Expected to Reach $14.69 Billion by 2030. (2021). Allied Market Research. https://www.alliedmarketresearch.com/press-release/railway-cybersecurity-market.html?utm

28. Raport o stanie bezpieczeństwa cyberprzestrzeni RP w 2024 r. (2025). Agencja Bezpieczeństwa Wewnętrznego. https://csirt.gov.pl/cer/publikacje/raporty-o-stanie-bezpi/983,Raport-o-stanie-bezpieczenstwa-cyberprzestrzeni-RP-w-2024-roku.html

29. Raport roczny z działalności CERT Polska w 2024 roku. (2025). NASK - Państwowy Instytut Badawczy. https://cert.pl/posts/2025/04/raport-roczny-2024/

30. Realizacja przez podmioty państwowe zadań w zakresie ochrony cyberprzestrzeni Rzeczypospolitej Polskiej. (2025). Najwyższa Izba Kontroli. https://www.nik.gov.pl/kontrole/P/14/043

31. Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on Information and Communications Technology Cybersecurity Certification and Repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA Relevance), 151 OJ L (2019). http://data.europa.eu/eli/reg/2019/881/oj

32. Safeguarding Our Critical Infrastructure. (2024). National Counterintelligence and Security Center. https://www.dni.gov/index.php/ncsc-how-we-work/203-about/organization/national-counterintelligence-and-security-center/2762-safeguarding-our-future?utm

33. Semenov, I., Jacyna, M., Auguściak, I., & Wasiak, M. (2025). Hybrid Human–AI Collaboration for Optimized Fuel Delivery Management. Energies, 18(19), 5203. https://doi.org/10.3390/en18195203

34. Smagowicz, J., Szwarc, K., Kisilowski, M., Wiśniewski, M., & Skomra, W. (2021). Zarządzanie bezpieczeństwem infrastruktury krytycznej i ciągłością usług kluczowych państwa. Oficyna Wydawnicza Politechniki Warszawskiej.

35. Sprawozdanie ze stanu bezpieczeństwa ruchu kolejowego 2023 r. (2024). Urząd Transportu Kolejowego https://utk.gov.pl/pl/dokumenty-i-formularze/opracowania-urzedu-tran/21639,Sprawozdanie-ze-stanu-bezpieczenstwa-ruchu-kolejowego-2023-r.html

36. Stypułkowski, K., Gołda, P., Lewczuk, K., & Tomaszewska, J. (2021). Monitoring System for Railway Infrastructure Elements Based on Thermal Imaging Analysis. Sensors, 21(11), 3819. https://doi.org/10.3390/s21113819

37. Szaciłło, L., Jacyna, M., Szczepański, E., & Izdebski, M. (2021). Risk assessment for rail freight transport operations. Eksploatacja i Niezawodność – Maintenance and Reliability, 23(3), 476–488. https://doi.org/10.17531/ein.2021.3.8

38. Szaciłło, L., Krześniak, M., Zgorzelski, R., Lasota, M., & Franke, P. (2024). Resistance And Safety Of The Railway Transport System In The Context Of Disruptions Occurring During Rail Freight Transportation. Transport Problems, 19(2), 191–204. https://doi.org/10.20858/tp.2023.19.2.15

39. Tang, R., De Donato, L., Bes̆inović, N., Flammini, F., Goverde, R. M. P., Lin, Z., Liu, R., Tang, T., Vittorini, V., & Wang, Z. (2022). A literature review of Artificial Intelligence applications in railway systems. Transportation Research Part C: Emerging Technologies, 140, 103679. https://doi.org/10.1016/j.trc.2022.103679

40. Toruń, A., Sokołowska, L., & Jacyna, M. (2019). Communications-based train control system—Concept based on WiFi LAN network. Proceedings of the International Conference Transport Means 2019, 911–915.

41. Transforming NIS2. Challenge sito Strategic Opportunities. A Cisco Perspective. (2023). CISCO. https://www.cisco.com/c/m/en_emea/products/security/nis2-directive.html#~guide-to-nis2

42. Transport Cybersecurity Toolkit (2020). European Commission. Mobility and Transport. https://transport.ec.europa.eu/transport-themes/security-safety/cybersecurity_en

43. Ustawa z Dnia 5 Lipca 2018 r. o krajowym systemie cyberbezpieczeństwa (2018). https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001560

44. Ustawa z Dnia 26 Kwietnia 2007 r. o zarządzaniu kryzysowym (2007). https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=wdu20070890590

45. Wyniki statystyczne Centralnego Biura Zwalczania Cyberprzestępczości za 2023 rok. (2024). Centralne Biuro Zwalczania Cyberprzestępczości. https://cbzc.policja.gov.pl/bzc/statystyka/raporty-z-dzialalnosci/262,Raporty-z-dzialalnosci.html

46. Wyniki statystyczne Centralnego Biura Zwalczania Cyberprzestępczości za 2024 rok. (2025). Centralne Biuro Zwalczania Cyberprzestępczości. https://cbzc.policja.gov.pl/bzc/statystyka/raporty-z-dzialalnosci/262,Raporty-z-dzialalnosci.html

47. Wytyczne dot. Cyberbezpieczeństwa dla pracowników podmiotów kolejowych. (2021). https://isac-kolej.pl/publikacje.html

48. Wytyczne dotyczące cyberbezpieczeństwa pasażerskiego taboru kolejowego, wersja 1.0. (2023). https://isac-kolej.pl/publikacje.html

49. Xie, J., Huang, J., Zeng, C., Jiang, S.-H., & Podlich, N. (2020). Systematic Literature Review on Data-Driven Models for Predictive Maintenance of Railway Track: Implications in Geotechnical Engineering. Geosciences, 10(11), 425. https://doi.org/10.3390/geosciences10110425

50. Zgorzelski, R. (2025). Zarządzanie procesowe w sytuacjach kryzysowych. In A. Bitkowska, M. Kruk, & J. Smagowicz (Eds.), Potencjał Zarządzania Procesowego Strategie-Ludzie-Technologie. TNOiK „Dom Organizatora”.