How are train operators embedding resilience engineering so trains continue operating safely even when the core digital systems or connectivity are compromised?

From backup to recovery, moving beyond "Do you have backups?” to proving restore capability, recovery time, and safe service resumption under real ransomware scenarios.

Managing SOC-led containment actions without creating unsafe outcomes, such as remote interventions that disrupt live train movements.

Implementing cyber fire drills across operations, control rooms, and front-line staff so response becomes organisational muscle memory.

Equipping teams to recognise when to isolate, pause, or override systems to protect availability, integrity, and passenger safety simultaneously.