Technological advances in the telecommunications industry have brought significant advantages in the management and performance of communication networks. The railway industry is among the ones that have benefited the most. These interconnected systems, however, have a wide area exposed to cyberattacks. This survey examines the cybersecurity aspects of railway systems by considering the standards, guidelines, frameworks, and technologies used in the industry to assess and mitigate cybersecurity risks, particularly regarding the relationship between safety and security. To do so, we dedicate specific attention to signaling, which fundamental reliance on computer and communication technologies allows us to explore better the multifaceted nature of the security of modern hyperconnected railway systems. With this in mind, we then move on to analyzing the approaches and tools that practitioners can use to facilitate the cyber security process. In detail, we present a view on cyber ranges as an enabling technology to model and emulate computer networks and attack-defense scenarios, study vulnerabilities' impact, and finally devise countermeasures. We also discuss several possible use cases strongly connected to the railway industry reality.

翻译：电信行业的技术进步为通信网络的管理与性能带来了显著优势，铁路行业是其中受益最大的领域之一。然而，这些互联系统也暴露了广泛的网络攻击面。本综述通过考察铁路行业用于评估和缓解网络安全风险的标准、指南、框架及技术，特别聚焦安全与安保之间的关系，研究了铁路系统的网络安全问题。为此，我们重点分析信号系统——其基础性依赖于计算机与通信技术——从而更好地探索现代高度互联铁路系统安全的多面性。基于此，我们进一步分析从业人员可用来促进网络安全流程的方法与工具。具体而言，我们提出了将网络靶场作为使能技术的观点，用于建模和仿真计算机网络与攻防场景、研究漏洞影响，并最终制定对策。我们还讨论了与铁路行业现实紧密相关的多个可能用例。