Thales strengthens Infrabel’s cybersecurity posture
Ensuring the safety of passengers and freight on the Belgian railways is a top priority for Infrabel. The railway infrastructure management company took a proactive approach to comply with the European NIS2 directive for cybersecurity. Through its Security Operations Centre (SOC), Thales has strengthened Infrabel’s cybersecurity posture.
Safety is in Infrabel’s DNA, so when NIS2 was announced, the company was eager to ensure compliance as soon as possible. It drafted a tender for a managed security service to implement monitoring across all its infrastructure, unifying IT, OT, and IoT networks. Thales won the tender with its SOC offering. “We adopted a risk-based approach, collaborating closely with Infrabel,” according to Geoffrey Lucas, Cybersecurity Lead of Thales in Belgium. Following a thorough risk analysis, Thales developed specific scenarios to help Infrabel manage the whole chain of risks, from monitoring and detection to remediation.
A key reason Infrabel selected Thales is its status as an industrial group with an in-depth understanding of Infrabel’s daily operations. Indeed, Thales has a division providing infrastructure for trains, implementing radio communication between trains, as well as monitoring and dispatching operations. “We speak the same language and understand their needs,” Geoffrey emphasises. “Securing railway infrastructure and ensuring the safety of 500 passengers on a train is vastly different from securing IT infrastructure.”
Thales is now close to completing the implementation of a comprehensive monitoring solution for Infrabel’s infrastructure. The SOC detects any suspicious activity and protects Infrabel’s networks against security incidents in real time, 24/7.
“We also implemented a vulnerability management service for Infrabel,” Geoffrey adds. “It’s not enough to merely collect all known vulnerabilities for the systems in use. Not every vulnerability applies to the specific use case. Therefore, the first step is having an overview of the vulnerabilities, followed by filtering for applicability.” Then comes prioritisation, Geoffrey explains. “It’s impossible to remediate every discovered vulnerability immediately, especially since new vulnerabilities are disclosed daily. Hence, identifying the most critical ones to fix is vital. For example, in Infrabel’s case, possible safety issues for passengers are prioritised because of their impact.”
Thales integrates various sources for vulnerabilities. “While we continue to use traditional vulnerability scanners like Qualys, we supplement them with sources tailored to specific domains, such as railway infrastructure in the case of Infrabel,” Geoffrey states. Among the additional sources, Thales also uses its own Cyber Threat Intelligence. The goal is to have a comprehensive view of all relevant vulnerabilities.