Executive Summary
A major Class I freight railroad operating more than 15,000 miles of track faced a convergence of challenges: TSA cybersecurity directives mandating remote access controls, 40+ signaling and control system vendors each using their own remote access methods, and the operational reality that rail systems cannot be taken offline for security upgrades.
By deploying the Xona platform, the railroad consolidated all vendor access through a single secure gateway, achieved full TSA compliance, and established a unified audit trail covering every session at every location, with zero operational disruptions during rollout. The result is zero direct network connectivity: vendor users interact with OT systems in real time through a session rendered inside the rail network, but their endpoints are never connected to the OT network.
The Challenge
Rail cybersecurity is not abstract compliance. Signaling systems prevent collisions. Positive Train Control enforces speed restrictions. Dispatch centers coordinate traffic across thousands of miles. A compromise of any of these systems has direct public safety consequences, making rail OT security fundamentally different from enterprise IT.
The railroad's OT footprint spanned 15,000+ miles of track, hundreds of field locations, 5 regional dispatch centers, and 35+ major signaling hubs. Modern rail infrastructure relies on 40+ specialized vendors: signaling manufacturers, PTC providers, communications suppliers, dispatch system developers, and rolling stock OEMs. Each required routine remote access, and each brought its own proprietary tools, credentials, and processes.
The security problems were significant:
- No unified access governance. Each vendor managed its own credentials and connection methods. When vendor personnel changed, the railroad had no timely way to revoke access across all tools.
- Fragmented audit trail. With 40+ access tools, the railroad could not produce a unified record of who accessed which system, when, and what they did: a direct TSA compliance gap.
- No session recording. Most vendor sessions were unrecorded. In the event of a misconfiguration or suspected compromise, no forensic evidence existed.
- No instant disconnect. Contacting 40+ vendors to suspend individual access methods would take hours, unacceptable for safety-critical systems.
- Operational continuity constraints. Signaling, PTC, and dispatch systems cannot be taken offline for security tool installation during active train movements.
The Xona Solution
Xona's CSG terminates each OT session inside the trusted rail network and streams only the encrypted rendered display to the vendor's browser; only keyboard and mouse input travels back. There is no VPN tunnel, no routable path from the vendor endpoint to the OT network, and therefore no path for malware or file transfer to traverse. For safety-critical signaling systems this provides the digital equivalent of a physical air gap while maintaining full interactive access. The caveat practitioners should keep in mind is that the isolation is at the network layer: whatever the vendor user does inside the rendered session still reaches the target system, which is why per-asset authorization, session recording, and instant termination are part of the same design.
A single pane of glass provides provisioning and deprovisioning of all vendor access across the network, with role-based and time-based access controls (RBAC and TBAC) applied per asset, real-time session monitoring, a Kill Button for instant termination, and unified audit reporting. Every vendor access event across all 240+ locations is visible from one console.
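To make the control model concrete, the following is an added, illustrative Python model of what a central access broker has to decide at session time: a per-user, per-asset grant with a role and a validity window, continuous expiry of sessions whose window has closed, a kill switch for a single session, and a vendor-wide revocation that drops every grant and live session for that vendor at once (the situation the railroad previously had to resolve by contacting each vendor in turn). Every decision lands in one append-only audit record. This is not Xona's code and does not describe its internal implementation; the class names, the `view`/`operate` roles, the asset names, the vendor `SignalCo`, and the reference time are all constructed for the example.

```python
"""Illustrative model of a broker-side vendor access policy (constructed example).

Not Xona's implementation. Names, roles, assets and times are all made up.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from itertools import count
from typing import Optional

# Constructed reference time so the example runs offline and deterministically.
T0 = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)


def at(hours: float) -> datetime:
    """Wall-clock time `hours` after the constructed reference time."""
    return T0 + timedelta(hours=hours)


@dataclass(frozen=True)
class Grant:
    """One per-asset, time-bounded authorization for a named vendor user."""
    vendor: str          # vendor organisation the user belongs to
    user: str            # unique individual identity, never a shared account
    asset: str           # target system, e.g. "signal-hub-17/cp-01" (constructed)
    role: str            # "view" (watch only) or "operate" (keyboard and mouse)
    not_before: datetime
    not_after: datetime


def _role_allows(granted: str, requested: str) -> bool:
    # "operate" implies "view"; nothing implies "operate".
    return granted == requested or (granted == "operate" and requested == "view")


class AccessBroker:
    """Central policy point: grants, live sessions, kill switch, audit log."""

    def __init__(self) -> None:
        self.grants: list = []
        self.sessions: dict = {}      # session id -> Grant the session runs under
        self.audit: list = []         # append-only, one dict per event
        self._ids = count(1)

    def _log(self, event: str, when: datetime, **fields) -> None:
        self.audit.append({"event": event, "time": when.isoformat(), **fields})

    def grant(self, g: Grant, now: datetime) -> None:
        self.grants.append(g)
        self._log("grant", now, vendor=g.vendor, user=g.user, asset=g.asset,
                  role=g.role, not_before=g.not_before.isoformat(),
                  not_after=g.not_after.isoformat())

    def open_session(self, user: str, asset: str, role: str,
                     now: datetime) -> Optional[str]:
        """Return a session id if a live grant covers (user, asset, role), else None."""
        for g in self.grants:
            if ((g.user, g.asset) == (user, asset)
                    and g.not_before <= now < g.not_after
                    and _role_allows(g.role, role)):
                sid = f"s{next(self._ids)}"
                self.sessions[sid] = g
                self._log("session_open", now, session=sid, user=user,
                          asset=asset, role=role)
                return sid
        self._log("denied", now, user=user, asset=asset, role=role)
        return None

    def kill_session(self, sid: str, reason: str, now: datetime) -> bool:
        """Terminate one live session immediately (the 'kill button')."""
        g = self.sessions.pop(sid, None)
        if g is None:
            return False
        self._log("session_kill", now, session=sid, user=g.user,
                  asset=g.asset, reason=reason)
        return True

    def revoke_vendor(self, vendor: str, now: datetime) -> int:
        """Drop every grant for a vendor and kill its live sessions in one step."""
        self.grants = [g for g in self.grants if g.vendor != vendor]
        doomed = [sid for sid, g in self.sessions.items() if g.vendor == vendor]
        for sid in doomed:
            self.kill_session(sid, f"vendor {vendor} revoked", now)
        self._log("vendor_revoke", now, vendor=vendor, sessions_killed=len(doomed))
        return len(doomed)

    def expire(self, now: datetime) -> int:
        """Enforce the time window continuously, not only at session start."""
        doomed = [sid for sid, g in self.sessions.items() if now >= g.not_after]
        for sid in doomed:
            self.kill_session(sid, "window expired", now)
        return len(doomed)


def demo() -> dict:
    """Walk one constructed vendor through grant, session, expiry and revocation."""
    b = AccessBroker()
    hub, dispatch = "signal-hub-17/cp-01", "dispatch-east/console"
    b.grant(Grant("SignalCo", "alice@signalco", hub, "operate", at(0), at(4)), at(0))
    s1 = b.open_session("alice@signalco", hub, "view", at(1))          # allowed
    wrong_asset = b.open_session("alice@signalco", dispatch, "view", at(1))  # no grant
    expired = b.expire(at(4))                                          # s1 ended
    too_late = b.open_session("alice@signalco", hub, "operate", at(5))  # window closed
    b.grant(Grant("SignalCo", "bob@signalco", dispatch, "view", at(0), at(8)), at(6))
    s2 = b.open_session("bob@signalco", dispatch, "view", at(6))
    killed = b.revoke_vendor("SignalCo", at(6))                        # s2 ended
    after_revoke = b.open_session("bob@signalco", dispatch, "view", at(7))
    return {"s1": s1, "wrong_asset": wrong_asset, "expired": expired,
            "too_late": too_late, "s2": s2, "killed": killed,
            "after_revoke": after_revoke,
            "events": [e["event"] for e in b.audit]}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the model is the shape of the decision, not the data structures: authorization is evaluated against a single policy store per asset and per individual identity, the time window is enforced for the life of the session rather than only at login, and one operator action can remove a vendor everywhere. A production broker would back the audit list with tamper-evident storage and tie session records to the recorded video.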
Xona's industrial DIN-rail CSG, hardened to the IEC 61850 and IEEE 1613 environmental requirements for substation-class equipment, was purpose-designed for space-constrained wayside signal cabinets and equipment enclosures that standard rack equipment cannot fit. Pre-configured units were installed by field technicians during routine maintenance windows, with no changes to the existing network required.
The phased rollout covered four stages across 30 weeks:
- Dispatch centers (weeks 1-4): 5 regional dispatch centers brought onto the platform, with SIEM integration.
- Signaling hubs (weeks 5-12): 35 major hubs secured.
- Field locations (weeks 13-24): 200+ field sites equipped with pre-configured DIN-rail CSGs.
- Consolidation (weeks 25-30): all 40+ vendors migrated to Xona and all legacy remote access tools decommissioned.
The entire deployment was completed without a single disruption to live rail operations.
The Results
Every signaling vendor, PTC provider, communications manufacturer, and dispatch developer now accesses their systems exclusively through Xona. All 40+ vendors have been onboarded with unique identities, eliminating shared credentials entirely. TSA compliance was achieved across all requirements. Every session at every location is video-recorded and searchable.
Before Xona:
- 40+ vendor-specific tools
- Days to weeks for vendor onboarding
- Fragmented and mostly unrecorded sessions
- Vendor-managed credentials with no central control
- No instant disconnect capability
- Non-compliant TSA status
After Xona:
- One unified platform
- Minutes for browser-based onboarding
- 100% session recording and monitoring
- Operator-controlled RBAC and TBAC per asset
- Kill Button and Lockbox for immediate revocation
- Full TSA compliance
"The ability to govern all vendor access from a single platform and produce a unified audit trail for every session across 240 locations fundamentally changed our compliance posture. We went from fragmented visibility to complete control."
Director of OT Cybersecurity, Class I Freight Railroad