AGENDA NOW LIVE

Defend the Railroad Cyber Security Collaborative Returns

Coming February 10-11, 2026
TheLink in Columbia, Maryland.

Get Your Conference Pass

About The Collaborative :

Defend The Railroad is a mission-driven initiative led by TAC to strengthen cybersecurity across our nation’s rail systems.
 
This year we are in partnership with Cylus, AmtrakAssociation of American Railroads (AAR), and American Short Rail and Regional Rail Association (ASLRRA).

As digital threats to critical infrastructure continue to grow, this collaborative brings together government, cybersecurity experts, rail operators, researchers, and industry leaders to protect one of our most vital transportation lifelines.

Through hands-on collaboration, real-world threat discussions, and strategic knowledge sharing, Defend The Railroad empowers participants to identify vulnerabilities, fortify defenses, and shape the future of rail cybersecurity.

What You'll Experience On Board

Get Your Conference Pass

Access Speaker Sessions & Presentations

Access to Happy Hour Networking Event

Access To Technology Showcase & Expo

Industry-Led Table-Top Simulations

Group Townhalls

Gain access to policymakers, and frontline experts

Collaborative Speakers

More To Be Announced Soon

Mr. John J. Garstka

Director, Cyber Warfare, OUSW Acquisition & Sustainment
U.S. Department of War

Tariq Habib

Chief Information Security Officer
State of NY Metropolitan Transportation Authority

Carolyn Hayward-Williams

Director - Office of Railroad Systems and Technology, Office of Safety
Federal Railroad Administration, U.S. Department of Transportation

Gary Eppinger

Vice President, Technology and Chief Information Security Officer
CSX Transportation

Aubrey Wetzelberg

Intelligence Analyst
Federal Bureau of Investigation

Miki Shifman

CTO
Cylus

Arun Seelagan

Senior Data Scientist
Cybersecurity and Infrastructure Security Agency (CISA).

Karan Sondhi

CTO Global Public Sector, CrowdStrike

Keisha Braden

Cybersecurity Surface Inspector
Transportation Security Administration Department of Homeland Security

Katie Savage

Secretary / State Chief Information Officer, Maryland Department of Information Technology

Jennifer Gallagher

Cybersecurity and Risk Analysis, Railroad Systems and Technology
Federal Railroad Administration, U.S. Department of Transportation

Brian LaGore

Assistant Vice President - Information Technology
Paducah and Louisville Railway

Josh Russell

Principal Security Architect
CSX

Justin Smith

Acting Senior Director Enterprise Cybersecurity
Amtrak

Janet St. John

Director, Cybersecurity
Association of American Railroads

Melissa Firstenberg

Sr Mgr Fleet Cybersecurity
Amtrak

Annie Fixler

Director and Senior Fellow, Center on Cyber and Technology Innovation
Foundation for Defense of Democracies

Yaniv Mallet

Product Manager
Cylus

Jiwon Ma

Senior Policy Analyst
Foundation for Defense of Democracies

Kam Chumley-Soltani

Managing Director, OT Security
Armis

Jen Blum

Founder and Principal Consultant
JenAI Group

Patrick Gillespie

OT Practice Director
Guidepoint Security

Zane Blomgren

Solution Engineer
Claroty

Olivia Phillips

BISO
Amtrak

Industry-Led Breakout Sessions: Tabletop Exercises & Roundtables

Secure A Tabletop - Become A Sponsor

The Dual Edge of AI in Rail Cybersecurity: Unlocking the Future for Attackers and Defenders

AI is starting to play a bigger role in rail cybersecurity, from monitoring and detection to supporting response decisions. This roundtable is a practical discussion about how AI is actually being used in rail environments today.

Learn more

Game Day Disruption

This immersive experience takes participants out of their comfort zones and places them directly into a high-pressure scenario: A multi-faceted cyberattack strikes multiple railway vendors at the height of the FIFA 2026 World Cup – now what?

Learn more

Watch on Youtube

Secure by Design: Governing Workforce GenAI and Agentic AI Development

As federal transportation agencies adopt generative AI to enhance workforce productivity and mission outcomes, security and governance must be built in from day one. From employee use of GenAI tools to the development of agentic AI applications, organizations face new risks around data protection, access, and operational trust.

Learn more

Watch on Youtube

Mind the Gap: Securing the Silent Infrastructure That Powers the Journey

While the industry focuses on the "brain" of the train, it often overlooks the "body"—the massive industrial infrastructure of power substations, building management systems, and maintenance depots.

Learn more

Beyond Air-Gap: Transitioning Rail Infrastructure to an Identity-Centric Zero Trust Architecture

For decades, the primary defense for rail signaling, command, and control systems was "security by isolation." However, the acceleration of digital transformation—driven by the need for predictive maintenance, remote asset management, and high-speed connectivity; has rendered the traditional air-gap a relic of the past.

Learn more

CrowdStrike Discusses Their Participation in Defend The Rail 2026

Bureau Veritas Discusses their participation in Defend The Rail 2026

Moments from Hack The Railroad 2024

Since 2023, this event has been grounded in a mission that serves our community. What began as Hack The Railroad has evolved into Defend The Railroad, a name change that reflects our deepening commitment to securing critical rail infrastructure. As the threat landscape grows, we’re dedicated to pushing this mission forward and fostering collaboration where it counts most.

Thank You to Our Sponsors

Join Sponsors

Social

Youtube X-twitter Instagram Linkedin

Sign up to Receive our Newsletter:

TheLink

7000 Columbia Gateway, Suite 150
Columbia, MD 21046
+1 443 626 4450

Home

Get Your Pass

Agenda

Become A Sponsor

Travel & Hotels

Contact TAC - Collaborative Host

TAC Home

About Cylus' Roudtable

The Dual Edge of AI in Rail Cybersecurity: Unlocking the Future for Attackers and Defenders

AI is starting to play a bigger role in rail cybersecurity, from monitoring and detection to supporting response decisions. In some cases, it helps teams see issues sooner and reduce noise. In others, it introduces new risks, including new ways for attackers to automate activity and avoid detection. This roundtable is a practical discussion about how AI is actually being used in rail environments today. We’ll discuss where it makes sense, where it doesn’t, and how operators can put guardrails in place so AI supports human judgment in systems where safety and reliability come first.

About Bureau Veritas Tabletop Exercise

Game Day Disruption

To help organizations prepare for the reality of these interdependent threats, Bureau Veritas Cybersecurity is leading live cyber crisis simulations at the upcoming Defend the Railroad event in Maryland.
This immersive experience takes participants out of their comfort zones and places them directly into a high-pressure scenario: A multi-faceted cyberattack strikes multiple railway vendors at the height of the FIFA 2026 World Cup – now what?

Participants will:
- Step into real-world roles such as railway operations, communications, legal, CISO, and IT response
- Navigate evolving incidents based on realistic threat scenarios
- Collaborate under pressure to assess risk, manage communications, and make tough calls
- Gain a hands-on understanding of how operational and cybersecurity decisions must work in tandem

Whether you’re a security leader, IT practitioner, or operational stakeholder, this simulation is a must-attend opportunity to test your readiness and sharpen your response playbook.

About CrowdStrike's Tabletop Exercise

Secure by Design: Governing Workforce GenAI and Agentic AI Development

As federal transportation agencies adopt generative AI to enhance workforce productivity and mission outcomes, security and governance must be built in from day one. From employee use of GenAI tools to the development of agentic AI applications, organizations face new risks around data protection, access, and operational trust. This roundtable will explore how agencies like Amtrak and the FRA are approaching GenAI adoption secure by design—balancing innovation with governance, visibility, and control. Participants will discuss practical considerations for enabling AI safely while maintaining compliance, resilience, and trust across the transportation mission.

About Claroty's Roudtable

Mind the Gap: Securing the Silent Infrastructure That Powers the Journey

While the industry focuses on the "brain" of the train, it often overlooks the "body"—the massive industrial infrastructure of power substations, building management systems, and maintenance depots. This session explores the cybersecurity of the extended rail enterprise, where traditional IT security tools fail and specialized signaling tools don't reach. We will analyze the risks in the "silent" assets—such as traction power SCADA and station life-safety systems—and discuss how a unified Cyber-Physical Systems (CPS) approach can provide the visibility needed to prevent a "minor" infrastructure glitch from becoming a major network-wide service disruption.

About Guidepoint & Armis Tabletop Exercise

Beyond Air-Gap: Transitioning Rail Infrastructure to an Identity-Centric Zero Trust Architecture

For decades, the primary defense for rail signaling, command, and control systems was "security by isolation." However, the acceleration of digital transformation—driven by the need for predictive maintenance, remote asset management, and high-speed connectivity; has rendered the traditional air-gap a relic of the past. As rail networks converge with IT and IoT, the industry faces a critical inflection point: the perimeter is no longer a physical or logical boundary, but the identity of the users and devices accessing the fabric. This roundtable will explore the practical transition from legacy "implicit trust" models to an Identity-Centric Zero Trust Architecture (ZTA).
Participants will engage in a collaborative dialogue on:
The shift from Layer 3 (Network) to Layer 4/5 (Application) connectivity to limit lateral movement. Managing "Machine Identities" in distributed rail environments where traditional MFA is physically or operationally difficult.
Balancing high-security access with the mission-critical need for rapid, remote maintenance during service disruptions.

We use cookies to ensure the best browsing experience possible

Accept