Why OT security fails when signalling engineers are not part of the conversation

OT cybersecurity rarely fails because of missing technology. It fails because the people closest to the system, especially signalling engineers, are often left out of the conversation.

In critical rail infrastructure, signalling engineers already live and breathe risk. Their work is grounded in safety, integrity, and fail-safe design. Yet OT cybersecurity is still frequently introduced as an external IT requirement, rather than something that builds on the same principles signalling has relied on for generations.

That is where things start to go wrong.

Governance before technology

The earliest failures in OT security usually happen long before an attack. They start with weak governance and a lack of ownership. Organisations know they must comply with regulations, but often do not fully understand what OT cybersecurity actually means for operational systems.

Without clear direction from the top, cybersecurity becomes a grudge purchase. It has no perceived value until something goes wrong, and by then it is already too late. OT security is not a one-off project. It is a continuous activity, more like an insurance policy than a product you install and forget.

Why signalling engineers push back

In rail environments, resistance to cybersecurity is common, particularly among signalling engineers. This resistance is not irrational. Signalling systems prioritize availability and integrity, and engineers are rightly cautious about changes that could affect service.

When cybersecurity controls are applied without context, they can feel impractical or even risky. Password policies, session timeouts, and access restrictions may make sense on paper, but not when you are responsible for keeping trains moving and systems available in real time.

This often creates a cultural divide between IT and OT. IT does not understand operations. OT feels forced to accept controls that do not reflect reality. Both sides lose.

Speaking the language of signalling

The shift happens when cybersecurity is explained in signalling terms.

Signalling has always been driven by risk assessment. If something can happen, eventually it will. The same logic applies to OT cybersecurity. Cases in water and energy infrastructure show how weak credentials, Internet-facing HMIs, and unmanaged access can lead directly to physical damage and service disruption.

Railway history offers a powerful parallel. Many signalling rules exist because of past catastrophes. Some may seem excessive today, but they were written in response to real failures. OT cybersecurity is following the same path, learning from incidents that were once considered unlikely.

When cybersecurity is framed around integrity and availability, engagement changes. For example, encryption and VPNs are not just about confidentiality. They improve data integrity, a concept signalling engineers immediately understand and value.

From resistance to ownership

During training with a rail operator in Australia, signalling engineers initially pushed back hard against cybersecurity. Instead of forcing controls onto them, the conversation shifted to collaboration. Engineers were asked to explain their concerns and identify risks themselves.

Once cybersecurity was aligned with signalling objectives, denial of service prevention, data integrity, and system availability, buy-in followed quickly. Engineers began proposing security improvements on their own and pushing for stronger protections across more systems than originally planned.

The result was not compliance, but ownership.

OT security as a shared responsibility

OT cybersecurity works when it starts with leadership, is grounded in governance, and respects operational reality. It also requires basic discipline, knowing your assets, securing physical access, managing credentials, and applying lessons learned consistently across old and new systems alike.

Most importantly, it works when signalling engineers are treated as partners, not obstacles.

 OT security does not need to be imposed on the rail industry. It needs to be integrated into the same safety-driven thinking that has underpinned signalling for over a century. If that collaboration happens early, systems are not just more secure, they are more resilient for the long term. 

This blogpost was written by Ray Lock,
Global Market Director, Solution Architect at Westermo. 

Click here to watch the full Westermo Talks video on OT Cyber Security: where it all goes wrong.