The study published in June 2026 was prepared by researchers from TUM CIT at the Technical University of Munich and Fraunhofer AISEC in Germany. The paper looks at cybersecurity in the European Rail Traffic Management System, the common European standard for train control and signalling.
The authors say ERTMS was built mainly around safety and interoperability. Cybersecurity has become more important as railway infrastructure has become more digital. The study points to legacy components as the main concern. It names GSM-R and EuroBalises as key sources of risk.
GSM-R is still used for radio communication between trains and trackside systems. EuroBalises are used for train positioning and data transfer. The paper says ETCS Level 2 and the future FRMCS system could reduce some risks. But other threats would remain, including jamming, DDoS attacks and data integrity issues.