IEC 62443 has long been the de facto standard for operational technology-laden environments, and this includes rail operations. However, in July 2022, a working group was organized with the primary task of establishing an international standard that would include guidelines for the railway sector. Scheduled for international release in Q2 of 2026, the proposed standard is known as IEC 63452, and is directly influenced by the European standard TS 50701 and IEC 62443.
The rail industry is learning that purchasing technology alone does not drive business outcomes. The future of cyber-operational resilience requires more than a dashboard; it requires a cyber-physical systems (CPS) protection program, which is a coordinated, repeatable system where people, processes, and technology work in harmony to reduce risk.
Meeting IEC 63452 will require rail operators to break down the traditional barriers of unclear ownership between asset owners in IT and operational technology (OT) by establishing a unified security language and documented, repeatable workflows.
IEC 63452 is the first dedicated international standard designed to secure the complex, interconnected ecosystem of modern rail. While general industrial standards provide a baseline, rail environments possess unique safety-critical requirements that generic frameworks often overlook.
This standard promises vertical application of security principles tailored for:
Rolling stock: Ensuring onboard control systems and passenger Wi-Fi remain securely segmented.
Fixed installations: Protecting trackside signaling, electrification, and communication networks.
The full lifecycle: Mandating security from initial design and commissioning through decommissioning of critical assets.
For years, the rail industry relied on IEC 62443, a more commonly used standard applicable to any industrial environment. However, the specific operational nuances of rail—such as high-speed mobility and proprietary signaling—demanded a more specialized approach.
The transition evolved through these stages:
The foundation (IEC 62443): Established core concepts like "Zones and Conduits" and "Foundational Requirements". While foundational for many OT environments, it does not address rail cybersecurity specifically.
The bridge (CLC/TS 50701): A European technical specification that began translating these concepts for rail-specific applications. Foundationally related to IEC 62443, this standard was the first to provide cybersecurity guidance central to the rail industry. However, this standard is not international in focus or application.
The global standard (IEC 63452): Effectively globalizes and matures these principles into a unified international requirement, promising tighter integration with the previous standard and positioned to supersede TS 50701.
By moving to IEC 63452, the industry shifts from adapting general rules to following a blueprint built specifically for railway resilience.
Rail involves CPS that have been brought online, exposing them to risks with real-world consequences that could threaten public safety. As attackers increasingly target these systems, rail organizations must shift from reactive, ad-hoc practices to a predictable, measurable risk reduction strategy supporting a program focused on cyber-physical governance.
Claroty supports IEC 63452 by aligning its CPS protection platform with the standard’s core pillars: lifecycle visibility, risk-based zoning, and continuous monitoring. This ensures railways run smoothly without compromising operational efficiency, while also keeping passenger and public safety top of mind.
| IEC 63452 Requirement | Claroty Platform Capability |
| --- | --- |
| Comprehensive Asset Inventory | Automatically discovers and profiles all rail assets, including trackside signaling and station systems (SCADA, HVAC, Wi-Fi). |
| Zoning & Risk Assessment | Maps network communications to help operators define security zones and conduits, ensuring critical signaling data is isolated from passenger Wi-Fi. |
| Lifecycle Monitoring | Provides continuous threat detection (CTD) from commissioning through decommissioning, satisfying the standard's mandate for continuous verification. |
| Vulnerability Management | Identifies and prioritizes CVEs in legacy rail hardware, allowing operators to create cybersecurity cases for risk acceptance or remediation. |
| Secure Remote Access | Enforces granular, role-based access for third-party maintenance providers, a key requirement for modern rail supply chain security. |
Because IEC 63452 is an evolution of TS 50701 and IEC 62443, Claroty leverages its existing compliance frameworks to meet rail-specific needs:
Rail-specific protocols: Claroty supports hundreds of industrial and rail-specific protocols (e.g., IEC 60870-5-104, DNP3, and proprietary signaling protocols), which is essential for the visibility required by IEC 63452.
Operational continuity: The Claroty Platform uses passive monitoring to ensure that cybersecurity checks never interfere with safety-critical systems like automatic train control (ATC) or interlocking.
Comprehensive auditing and reporting: Annex G of IEC 63452 requires documented proof of security. Claroty’s automated reporting provides the data evidence (audit logs, asset baselines, and risk scores) needed to build these compliance files.
If your organization currently follows CLC/TS 50701, Claroty facilitates the transition to the more stringent requirements of IEC 63452 by providing a unified dashboard that maps existing technical controls to it.
The arrival of IEC 63452 in 2026 marks a turning point for railway cybersecurity, shifting the industry from reactive measures to a standardized, risk-based posture. As rail systems become increasingly digitized, the cyber-physical risks to safety and continuity can no longer be managed with IT tools alone.
Using the Claroty Platform, operators can:
Bridge the compliance gap between current TS 50701 practices and future IEC requirements.
Stay in compliance with data-driven evidence of security controls.
Ensure operational continuity through passive monitoring that respects safety-critical signaling.
The journey to railway resilience is no longer an optional track—it is the baseline for the future of global transit.
Discover how Claroty can help you achieve full compliance with the latest railway cybersecurity directives while ensuring the uninterrupted flow of your operations.