Quantum-Safe Signaling and Optimization for Rail Systems

June 2, 2025
|In Post-Quantum
|By Admin

Challenge

A major metropolitan mass transit authority, operating an extensive rail and subway system, recognized that its ongoing digital modernization brought with it new cybersecurity challenges – especially with the looming prospect of quantum computers. Modern rail systems depend on secure communication: signaling systems send commands to trains, positive train control systems prevent collisions, and operational data about train positions and speeds flow constantly. This authority’s rail network had begun adopting communications-based train control (CBTC) and other smart rail technologies that rely on encryption for safety (to ensure signals and control messages are authentic and haven’t been tampered with). The leadership realized that if quantum computing renders current encryption algorithms (like RSA or ECC) obsolete, an attacker in the future could theoretically disrupt or spoof these communications, posing serious safety risks. At the same time, the authority faced pressure to improve efficiency and capacity; they were curious whether quantum computing could help optimize complex tasks like scheduling trains, routing maintenance crews, or managing power usage across the network. The challenge was to preemptively secure the rail system’s digital backbone against quantum threats and to investigate quantum technologies that might enhance transit operations, all while working within public-sector budget constraints and ensuring no downtime for passengers. They enlisted our team to assess their quantum risk and formulate a forward-looking strategy.

What We Did

We started by working closely with the transit authority’s signaling engineers and IT security staff to identify where cryptography is used in the rail network. We performed a Quantum Threat Assessment focusing on two main areas: train control systems and supporting IT infrastructure.

In the train control realm, we examined systems like the CBTC, interlocking controls, and the wireless links between trains and wayside equipment. For example, on their newer lines using CBTC, trains constantly communicate their status to trackside radios and control centers, and these messages are authenticated and sometimes encrypted using standard algorithms. We identified that these systems often used embedded cryptographic chips that might not support new algorithms without hardware changes. On older lines, some signals and control commands weren’t encrypted at all (relying on obscurity or old analog systems), which posed an even more immediate risk if intercepted. We also looked at the fare collection and passenger information systems; while less safety-critical, they handle financial data and personal info that also require long-term protection.

After this assessment, we formulated a Quantum-Safe Rail Strategy with short-term and long-term components:

  • Hardening Communications: In the short term, we prioritized upgrading the security of communication channels that could be “low-hanging fruit”. We worked with the vendor to test a patch on a test track: the patch allowed the system to use a hybrid encryption mode (mixing classical and post-quantum key exchange for its session keys). We demonstrated that the trains and control center could run this patched version without any issues, proving the concept that a transition to PQC could be achieved with minimal performance impact on signaling timings.

  • Upgrade Path for Legacy Systems: The authority had a number of legacy systems (older signal interlockings, older train control on some suburban lines) that couldn’t easily be patched for new encryption. For these, we proposed a containment strategy: segmenting these systems on the network and adding additional layers of VPN encryption around them using quantum-safe protocols. Essentially, even if an old signaling system didn’t encrypt messages, we ensured the tunnel it ran through was encrypted by a PQC-capable VPN appliance. As a concrete step, we helped deploy a PQC-hybrid VPN to encapsulate the control traffic of one of the oldest lines as a pilot, preventing any would-be eavesdropper from accessing or altering those messages without breaking the quantum-resistant outer layer.

  • Operational Optimization Exploration: On the opportunity side, we turned to the question of efficiency. We partnered with the authority’s scheduling and operations research team to explore a quantum computing pilot for timetable optimization. Urban rail scheduling is a complex problem (to maximize throughput and minimize wait times, while accounting for maintenance, varying demand, etc.). We formulated a simplified version of their scheduling challenge (for one busy line during peak hours) into a mathematical optimization model. Then we worked with a quantum computing company to implement this on a quantum annealer. The aim was to see if the annealer could find good scheduling solutions and how it compared to their current algorithms. We ran this in parallel with their real-world schedule (without interfering, of course). The quantum solver managed to find a valid schedule that met all constraints in a comparable time to classical solvers for the small test case. This gave a hint that as quantum tech improves, it could tackle larger portions of the scheduling problem.

  • Training and Stakeholder Engagement: We conducted training sessions for both the technical teams and leadership. For IT and signal engineers, we held a hands-on workshop on implementing post-quantum cryptography (using open-source libraries in test environments) so they gained familiarity. For leadership, we presented easy-to-digest scenarios of what could happen if they don’t prepare (e.g., a future breach where an attacker disrupts service by manipulating signals) versus the benefits of early adoption (continuity of safe operations and setting industry best-practice). We also helped incorporate quantum readiness into their strategic technology plan that is shared with the city council and funding bodies. This ensures continued support and budget for these initiatives. Additionally, we liaised with city cybersecurity officials to align the transit authority’s plans with city-wide critical infrastructure protection efforts.

Outcome

The mass transit rail authority took concrete steps to secure its network. In terms of security outcomes, within months of our engagement, the authority has patched and updated some of its software on the newest lines to be crypto-agile.

By containing and wrapping legacy systems with additional encryption, the authority bought more time and security for those older components. They reported that the PQC VPN tunnel we added on the old line performed flawlessly, so they intend to replicate that approach to all remaining legacy segments over the next year. Essentially, no control command or signal will traverse their network without at least being protected by a quantum-resistant layer.

From an operational standpoint, the quantum scheduling pilot, though experimental, opened the door for further innovation. The test results indicated that quantum solvers can handle transit optimization in principle. The authority decided to continue this exploration by setting up a small follow-on project: they partnered with a university to dive deeper into quantum optimization for transit, using more advanced models and the latest quantum hardware as it becomes available. The expectation is that, in a few years, quantum computing might help eke out a few extra percent of efficiency in train schedules – which could mean transporting more passengers with the same infrastructure, a big win for a congested city system.

Another significant outcome is cultural and procedural. The transit authority’s leadership has fully embraced the importance of quantum readiness. They have updated their risk register (which is reported to the city) to include quantum cyber risk as a category, ensuring executive oversight. Budget has been earmarked in the next fiscal cycle specifically for “quantum-safe technology upgrades,” ensuring the plan we laid out continues to be funded. The cross-departmental team we worked with (signals, IT, operations) has evolved into an ongoing working group that meets to track advancements in both threat and technology.

Overall, by completing this initial phase, the transit authority has transitioned from simply modernizing to truly future-proofing its rail system. They have the confidence that their trains will run securely even in the face of evolving cyber threats, and they’re on the front foot to harness new tech for operational excellence.

Singapore+65 6829 2349

Dubai, UAE+971 4 409 6785

Chicago, IL, USA+1 (312) 761-4818

Home   Privacy Policy   Cookie Policy   Terms and Conditions   Working With Recruitment Agencies

© 2026 Applied Quantum. All rights reserved

Privacy Preference Center

Privacy Preferences

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Bluesky
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Copy link
CopyCopied