Three common pitfalls in rail modernization – and how to avoid them

3F: Fit for future – Three common pitfalls in rail modernization – and how to avoid them

 

Across Europe, the railway sector is under increasing pressure to modernize. The number of passengers is growing steadily, as are passenger expectations for reliable, resilient, and modern rail transport. Railway operators are therefore facing major challenges, as they cannot simply replace and expand their existing fleets entirely with new train generations due to costs, delivery times, and manufacturing capacities. Furthermore, many existing trains no longer meet the necessary state of the art, but are far from reaching the end of their life cycle. An economically sensible and therefore popular solution is retrofitting: modernizing existing vehicles and making them fit for the next ten to twenty years.

by Alexander von Allmen, Head of the Business Line Embedded Products at duagon

 

In Germany, Deutsche Bahn (DB) launched its S3 program in 2024. As part of this multi-year reform, DB is not only investing in infrastructure, but also focusing on digital improvements to existing trains and upgrading comfort features such as Wi-Fi and on-board information systems. Operators in Europe and worldwide use retrofitting as a smart solution to introduce modern capabilities like digital connectivity, cybersecurity and diagnostics without rebuilding from scratch. However, retrofitting is not without risks that can make such projects more expensive than budgeted. Let’s walk through the three most common pitfalls and focus on how to avoid them.

Pitfall #1: The monolith trap

Does modernization mean completely replacing an old system by ripping everything out and replacing it with something entirely new? The answer is no, but many rail operators find themselves in this position because off-the-shelf modern platforms lack the interfaces needed to preserve working legacy subsystems, for example with MVB, serial links, or CAN networks. These buses are still functional in many vehicles but are often left behind because newer systems don’t support them.

This creates a false choice: Either keep the legacy system and forgo modern functionality like passenger Wi-Fi, AI-driven condition monitoring, and advanced diagnostics, or replace everything, including what doesn’t need replacing. What makes this even more painful is that most retrofit solutions are still rigid – fixed in form, hard to extend, and costly to adapt later. As a result, projects are delayed, costs balloon, and operators end up with systems that are either over-engineered or under-capable.

The solution is modular modernization. It starts with choosing interoperable building blocks designed for incremental, risk-controlled upgrades. This can take the form of using standardized platforms like CompactPCI Serial, which offer a rack-based, scalable computing architecture. It makes it possible to plug in just the required functionality, whether that’s a modern CPU, a Wi-Fi module, a cybersecurity component, or a legacy interface adapter.

Another possible approach is to split the system to be replaced into individual, more manageable components by, for example, using an off-the-shelf edge computer combined with an external cellular modem or a universal gateway. Rather than replacing entire systems, this scales functionality, not complexity – following the motto “Keep what works and replace what doesn’t”.

An additional benefit is that train manufacturers and operators can manage certifications more efficiently, because each building block is independently tested and certified for railway use. They can maintain compliance without repeating expensive requalification processes every time a component is upgraded.

 

Pitfall #2: Cybersecurity

Legacy rolling stock was never designed for modern connectivity. The little connectivity that is present is typically based on legacy field buses with low data rates and limited functionality. The exchanged data was strictly for operational purposes and installations were inaccessible behind closed cabinets. But today, there are new digital services such as Wi-Fi, remote access, cloud telemetry, live diagnostics – all of which expose the system to cyber threats it was never built to withstand. The result is that modernization introduces new attack surfaces even in otherwise isolated or safety-certified systems. And it’s not just about best practice anymore. Regulations like the Cyber Resilience Act (CRA) are coming. Compliance won’t be optional. Here’s the dilemma: Once cybersecurity enters the picture, many projects grind to a halt. It’s seen as too complex, too costly, or too hard to apply in brownfield environments. So, either cybersecurity is bolted on late, or ignored entirely. And both options are dangerous.

The good news is that cybersecurity, even in retrofit scenarios, doesn’t have to be overwhelming. The key is to start with the right mindset: Cybersecurity isn’t a bolt-on, it’s part of the architecture. Especially when older systems are being connected for the first time, security needs to be considered early, not left for later. That begins with foundational protections, like secure boot, signed firmware, and access controls – features that are essential.

Equally important is the ability to segment safety-critical from non-critical domains. In a typical train, safety systems run alongside passenger Wi-Fi, CCTV, or diagnostics. That’s possible, but only if the system supports proper isolation, for example through virtual networks, firewalls, or physical separation depending on the safety classification.

And finally, there is lifecycle management. Only systems that can be maintained and updated can be secure throughout the product’s lifetime. For railway operators with retrofit projects and mixed fleets, it is therefore essential to select technologies and partners that are familiar with the strict standards, safety boundaries, and long deployment cycles in the railway sector. If those are respected, retrofit and security can absolutely go hand in hand.

Pitfall #3: The lifecycle mismatch

In the rail industry, operators and maintainers expect hardware to have a useful life of 15 to 20 years – in some cases even 30 years. That’s true for mechanical components, and historically, it’s been true for many electronic platforms as well. But software doesn’t follow the same rules anymore. Today, the typical support window for an operating system is five to seven years. Middleware, security libraries, and toolchains evolve even faster – especially when they’re based on general-purpose technologies that are advancing rapidly to keep up with IT and cloud innovation. This gap creates real problems: While the hardware would still function perfectly, updates for the operating system are no longer available, the toolchain is no longer supported, or cybersecurity is no longer guaranteed due to a lack of security updates. This is why lifecycle mismatch isn’t just an IT nuisance but becomes a strategic blocker to secure, sustainable system evolution that affects new train generations, existing fleets, and modernization projects alike. Unfortunately, this mismatch is becoming more common as systems are more connected, security demands more frequent updates, open-source software becomes more dominant, and the pace of change accelerates. Due to this accelerated development, hardware dependencies have an impact much sooner than traditional timelines and usage patterns anticipated.

Fortunately, the lifecycle mismatch can be avoided if modernization is planned not just in terms of performance, but also in terms of durability across both hardware and software. The first step is to choose platforms that are designed for long-term support. This means software stacks that have been validated in rail environments – not just borrowed from fast-moving consumer or cloud ecosystems. It also includes stable and maintainable operating systems with a known support roadmap.

The second step is to decouple the system layers, so they can evolve independently. This includes hardware, operating system, business logic, and platform. This separation makes it possible to upgrade one part without disrupting everything else. In this context it also helps to work with product families that are mechanically and electrically compatible across generations. Adjustments and scaling are thus possible without redesigning from scratch.

And finally, lifecycle planning doesn’t stop at the component level. It also means having processes in place for obsolescence monitoring, redesign paths, and second-source strategies, especially for systems that need to stay in service for 15 years or more. If all these aspects come together, the result is a platform that’s not just fit for now, but fit for the future.

