Securing the Digital Backbone of Trains

This year, EKE-Electronics proudly celebrates four decades of pioneering excellence in rail technology. Over these 40 years, we’ve witnessed the transformation of trains from mechanical marvels to digital ecosystems. Today, as trains become ever more connected, the threat landscape has evolved, making cybersecurity a mission-critical priority for every train operator.

The Hidden Risk: Intrusion via the MVB

The Multifunction Vehicle Bus (MVB) is the digital nervous system of modern trains, connecting critical subsystems and enabling seamless operation. However, this connectivity brings risk, especially when it is connected to Ethernet networks as part of an architecture based on IEC 61375. Intrusion via the MVB can allow unauthorised access to safety-critical systems, potentially leading to service disruption, data theft, or even compromised passenger and crew safety.

Many operators remain unaware that traditional MVB monitoring solutions only capture preconfigured data, leaving blind spots that sophisticated attackers can exploit. The need for comprehensive, real-time visibility into all MVB traffic has never been greater. People may argue that the MVB operates using a proprietary protocol, unlike Ethernet networks, and is therefore more difficult to attack, but it is an attractive target for a capable and motivated attacker, and the impact of a security breach could be catastrophic.

Why Cybersecurity Matters for MVB

The MVB is a backbone for train control systems, carrying commands and data for traction, braking, ETCS and other safety-critical functions. If an attacker injects malicious data or tampers with signals, it could lead to:

  • Safety Hazards: Altered braking or traction commands could cause collisions or derailments.
  • Operational Disruption: False diagnostics or control signals can immobilise trains or trigger emergency stops.
  • Data Integrity Loss: Compromised sensor readings may mislead maintenance teams, creating cascading failures and causing a loss of confidence in reported information.

Introducing the EKE-Trainnet® MVB Monitoring Solution

Drawing on 40 years of experience in on-board train data networks, EKE-Electronics has developed, in collaboration with RazorSecure, the EKE-Trainnet® MVB Monitoring Solution with integrated intrusion detection, a robust system designed specifically to address the unique cybersecurity challenges of rail environments. All hardware is type tested according to EN 50155, certified to EN 45545, and compliant with RoHS and REACH.
There are 2 types of systems:

  1. Integrated with EKE-Electronics’ TCMS
    Provided as part of EKE-Electronics’ TCMS scope of delivery with an additional MVB module for the monitoring.
  2. Standalone EKE-Trainnet® MVB monitoring unit with integration option to 3rd party devices
    The MVB monitoring application supports on-site installation of 3rd-party devices such as a TCMS or a Security Gateway via an M12 Ethernet/TRDP.

Each solution is supported by RazorSecure’s advanced Intrusion Detection System (IDS) capabilities. Designed specifically for rail, RazorSecure’s Delta – Intrusion Detection System leverages powerful anomaly detection to identify unusual and unexpected network behaviours, going beyond traditional IDS systems that rely solely on known threat signatures.

Delta provides comprehensive network topology visibility and the foundation for a proactive cybersecurity strategy. With deployments on over 1000 trains globally, Delta is highly effective in detecting potential cyber threats and enabling a quick response to them.

What Makes Our Solution Different?

  • Vendor-Independent: The EKE-Trainnet® MVB Monitoring Solution works with any MVB regardless of the manufacturer.
  • Total Network Visibility: Unlike conventional systems, our monitoring device collects all data traversing the MVB, not just the preconfigured streams. This means operators gain a complete picture of network activity, making it far harder for threats to go undetected.
  • Non-Intrusive Integration: The device connects to the MVB bus without interfering with the control network, ensuring operational safety and compliance.
  • Flexible Data Output: Raw or preformatted data (XML, JSON, etc.) can be exported according to customer preference, with Ethernet as the standard interface.
  • Modular and Certified: The hardware is EN 50155 type tested and EN 45545 certified, RoHS and REACH compliant, and supports multiple bus interfaces (CAN, WTB, RS-485) and Ethernet networks, making it suitable for diverse rolling stock fleets.

What does the EKE-Trainnet® MVB Monitoring Solution do?

The EKE‑Trainnet® MVB Monitoring Solution passes raw data to RazorSecure’s IDS system, which analyses the information to ensure that transmitted data matches expected patterns and timing. The IDS can detect anomalies such as unexpected packet structures, checksum errors, or unauthorised mastership changes. A mastership change occurs when control of the MVB bus transfers from one master device to the next. If an unauthorised device seizes control during this transfer, it can alter the behaviour of the bus by injecting additional data or even disabling communication entirely. In systems with only a single master, no such transfer takes place, removing this particular attack vector. These types of irregularities may indicate tampering, replay attacks, or attempts by unauthorised devices to join the bus.
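The checks described above, sketched as an added example (not EKE-Electronics or RazorSecure code). The JSON record schema, device numbers, port numbers and periods are all hypothetical, chosen only to show checksum, mastership and timing checks running against a baseline.

```python
import json

# Assumed baseline for one constructed consist; all values are illustrative.
AUTHORISED_MASTERS = {1, 2}            # devices allowed to hold bus mastership
PORT_PERIOD_MS = {256: 16, 512: 32}    # expected period per process-data port
TOLERANCE_MS = 2

# Constructed sample export, one JSON record per frame (hypothetical schema).
SAMPLE = """\
{"t_ms": 0, "kind": "process_data", "port": 256, "crc_ok": true}
{"t_ms": 16, "kind": "process_data", "port": 256, "crc_ok": true}
{"t_ms": 20, "kind": "mastership_transfer", "from": 1, "to": 2, "crc_ok": true}
{"t_ms": 32, "kind": "process_data", "port": 256, "crc_ok": true}
{"t_ms": 37, "kind": "process_data", "port": 256, "crc_ok": true}
{"t_ms": 40, "kind": "mastership_transfer", "from": 2, "to": 9, "crc_ok": true}
{"t_ms": 44, "kind": "mastership_transfer", "from": 9, "to": 1, "crc_ok": true}
{"t_ms": 64, "kind": "process_data", "port": 512, "crc_ok": false}
{"t_ms": 70, "kind": "diagnostic", "crc_ok": true}
"""

def analyse(lines, first_master=1):
    """Return (line_number, alert) pairs for records that break the baseline."""
    alerts, master, last_seen = [], first_master, {}
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
            t, kind = int(rec["t_ms"]), rec["kind"]
        except (ValueError, KeyError, TypeError):
            alerts.append((n, "malformed_record"))
            continue
        if rec.get("crc_ok") is not True:
            alerts.append((n, "checksum_error"))  # corrupt frame must not update state
        elif kind == "mastership_transfer":
            if rec.get("from") != master:
                alerts.append((n, "transfer_from_non_master"))
            elif rec.get("to") not in AUTHORISED_MASTERS:
                alerts.append((n, "unauthorised_master"))
            else:
                master = rec["to"]  # legitimate hand-over: track the new master
        elif kind == "process_data" and rec.get("port") in PORT_PERIOD_MS:
            port = rec["port"]
            prev, last_seen[port] = last_seen.get(port), t
            if prev is not None and abs(t - prev - PORT_PERIOD_MS[port]) > TOLERANCE_MS:
                alerts.append((n, "timing_anomaly"))  # extra, late or replayed frame
        else:
            alerts.append((n, "unexpected_structure"))  # unknown kind or port
    return alerts

if __name__ == "__main__":
    for n, alert in analyse(SAMPLE.splitlines()):
        print(f"record {n}: {alert}")
```

The tracked master is only updated on an authorised hand-over, so a later frame sent by a device that seized the bus is itself flagged as coming from a non-master.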

Partnership with RazorSecure: Advanced Intrusion Detection

To further strengthen our cybersecurity offering, EKE-Electronics has partnered with RazorSecure, a leader in rail-specific intrusion detection systems (IDS). RazorSecure brings deep expertise in real-time threat detection and anomaly analysis.

Together, we offer a solution that not only monitors but also enables operators to defend their MVB network.

Why Train Operators Should Act Now

Cybersecurity is no longer optional. As digitalisation accelerates, so do the risks. Intrusion via the MVB is a real and present danger, one that can be mitigated with the right technology and expertise.

By choosing the EKE-Trainnet® MVB Monitoring Solution, supported by RazorSecure’s integrated IDS capabilities, train operators can:

  • Detect and respond to threats before they impact operations
  • Meet regulatory and safety requirements
  • Protect passengers, crew, assets, and reputation

Ready to Secure Your Fleet?

EKE-Electronics’ 40 years of rail experience, combined with cutting-edge cybersecurity from RazorSecure, delivers a future-proof solution for today’s connected trains. Don’t let your MVB become a weak link. Contact us to learn how we can help you stay one step ahead of cyber threats.
