By Shaked Kafzan, Cervello CTO and Israeli Representative in IEC 63452 Working Group
As rail systems grow increasingly digital and connected, the need for a common cybersecurity standard has become critical. That’s exactly what IEC 63452 is bringing to the table—a landmark international standard, currently under development, designed specifically for the rail sector’s unique cyber risks and operational context.
At Cervello, we see IEC 63452 as a major leap forward in helping the rail industry move from reactive security to a structured, lifecycle-based approach. Here’s what you need to know—and how to prepare.
What is IEC 63452?
IEC 63452 is being developed under IEC TC9 / PT 63452, with contributors from over 20 countries, and strong collaboration with stakeholders such as UITP, ERA, and ENISA. It adapts core principles from industrial standards like IEC 62443, but tailors them to fit railway-specific systems, operational constraints, and stakeholder roles.
It covers:
- All types of railway environments (high-speed, metros, trams, automated systems)
- The entire lifecycle from design to decommissioning
- Clear role definitions across asset owners, integrators, maintainers, and suppliers
The standard is set to become official by mid-2026 and will likely replace EN TS 50701 across Europe, serving as the future baseline for cybersecurity and potentially aligning with NIS2/CRA compliance.
Why It Matters: Key Changes
IEC 63452 brings three critical advancements:
- Continuous Monitoring Across the Lifecycle
Security doesn’t stop at commissioning. The standard embeds cyber evaluation and handover planning throughout the lifecycle.
IEC 63452 outlines how cybersecurity evaluation and acceptance are structured—from planning to final handover. Source: PT 63452 / Cybersenate presentation (public).
- Rail-Tailored Risk Management
The standard introduces a clear flow for detailed risk assessment, incorporating threat identification, security requirements, and acceptance criteria.
The flow above shows the risk assessment logic: threats are managed via security controls or explicit risk evaluation, aligned with IEC 62443 and CSM-RA. Source: PT 63452 / Cybersenate.
- Clear Role-Based System Modeling
The standard guides operators in modeling their systems across physical layers (onboard, trackside, central) and functional subsystems (signaling, communications, comfort, etc.).
This area-based model helps stakeholders understand how cybersecurity must be applied across decentralized systems, from interlocking to SCADA and Wi-Fi. Source: PT 63452 / Cybersenate.
How to Prepare Now
Even though the standard is not yet finalized, proactive rail organizations can begin aligning with its principles today:
- Inventory and Zone Your Assets
Begin with system modeling and security zoning, identifying critical conduits and interfaces.
- Apply Risk-Based Thinking
Use threat scenarios to conduct a preliminary cybersecurity risk assessment that considers both technical and operational impact.
- Establish Monitoring & Visibility
Deploy OT-aware monitoring platforms that provide anomaly detection, protocol inspection, and operational context, like the Cervello Platform.
- Build Your Cybersecurity Case
Prepare documentation showing how risks are identified, treated, and continuously monitored. IEC 63452 introduces the concept of a “cybersecurity case” to guide this process.
- Educate Your Teams
Cybersecurity is not just an IT responsibility. Train your staff across engineering, operations, and safety to understand their role in maintaining security throughout the lifecycle.
Cervello’s Role
Cervello’s platform directly supports the principles of IEC 63452 by:
- Enabling asset discovery and risk evaluation aligned with lifecycle security
- Providing real-time monitoring that fits operational constraints
- Supporting the documentation needed for a cybersecurity case and the handover process
Our mission is to make rail cybersecurity practical, measurable, and actionable—so that compliance is a benefit, not a burden.
The Road Ahead
With IEC 63452 moving steadily toward its final release in 2026, rail organizations that act early will be better equipped to meet regulatory expectations and cyber threats alike. Compliance won’t be optional, and preparation starts now.
Ready to map your path to compliance? Contact us to learn how Cervello can help align your cybersecurity strategy with IEC 63452.
Disclaimer: All references to IEC 63452 in this article are based on publicly available information, including presentations shared by the PT 63452 working group. No confidential or draft content from the Committee Draft for Vote (CDV) has been disclosed.