Security Intelligence

Rail and Metro Security for Corporate Travellers | CloseProtectionHire

Q: "What are the main security threats at railway stations and metro systems?"

"Mass-casualty terrorist attacks are the highest-consequence threat to rail infrastructure, as demonstrated by the Madrid Atocha/Alcala bombings of 11 March 2004 (191 killed, 2,000+ injured, al-Qaeda affiliate ETA denied), the 7 July 2005 London bombings (52 killed, 700+ injured, four bombs on three Underground lines and one bus, Intelligence and Security Committee Report 2009), and the Mumbai suburban railway bombings of 11 July 2006 (209 killed, 700+ injured, Lashkar-e-Taiba and SIMI, Maharashtra ATS investigation). These incidents established the model: multiple simultaneous devices at points of maximum crowding (rush hour, interchange stations), intended to maximise casualties. The secondary threat category is criminal targeting -- phone and bag theft at platform edges and on crowded trains, pickpocketing in interchange concourses, and, in P1 cities, express robbery of passengers identified as high value by visible indicators (laptop bags, watches, luggage quality). A third and growing threat is infrastructure sabotage -- including deliberate obstruction of track (documented in France, Germany, and the UK in 2022-2024) and cable theft. For corporate travellers, the personal crime threat is the most likely to affect them; the terrorism threat is low-probability but high-impact and merits awareness."

Q: "What legal security obligations apply to UK railway stations under Martyn's Law?"

"The Terrorism (Protection of Premises) Act 2024, commonly known as Martyn's Law, came into force and will create two duty tiers based on venue capacity. Standard duty applies to premises or events with a capacity of 200-799 people; Enhanced duty applies to premises or events with a capacity of 800 or more. Major railway termini -- London Waterloo (estimated 100 million annual passengers), London Victoria, London Bridge, Birmingham New Street, Manchester Piccadilly, Leeds, and Glasgow Central -- will fall within the Enhanced duty tier. The Enhanced duty requires: a senior premises manager responsible for security; a Security Management Plan; staff terrorism awareness training (NaCTSO ACT Awareness is the baseline); hostile vehicle mitigation measures for vehicle-accessible interfaces; and an exercised emergency response procedure. The SIA will act as the regulator. Train operating companies (TOCs) will share responsibility with Network Rail for the station estate, and the regulatory relationship between them is being clarified in secondary guidance. For corporate travellers, this means Enhanced duty stations should have defined procedures and a visible security presence -- but Martyn's Law does not create personal security plans for individual travellers."

Q: "What is the role of British Transport Police in railway security?"

"British Transport Police (BTP) is the specialist police force for the railway network in England, Scotland, and Wales, operating under the Railways and Transport Safety Act 2003. BTP's jurisdiction covers offences occurring on railway premises, trains, and stations. Its armed response capability includes Counter Terrorism Specialist Firearms Officers (CTSFOs) and it leads on rail-related CT investigations under the national counter-terrorism policing framework coordinated by NPCC. BTP Annual Report 2024 notes 91,267 crimes reported on the rail network in 2023-24, with violence against the person and theft the two largest categories. BTP CT officers are deployed at major termini during periods of elevated national threat (UK threat level is assessed by MI5 and published by OSCT -- currently 'Substantial' as of April 2026, meaning an attack is likely). For corporate travellers, BTP is the correct body to report security concerns on the rail network; suspicious behaviour should be reported to staff or via the Anti-Terrorist Hotline (0800 789 321). The See It, Say It, Sorted campaign is the public-facing reporting mechanism."

Q: "How should executive travel security protocols adapt for rail versus air travel?"

"Rail travel creates distinct security considerations compared to air. There is no pre-boarding security screening at most stations (apart from Eurostar and some major US Amtrak hubs), which means the boarding environment is accessible without vetting. Departure and arrival times are published and predictable, which creates a pattern-of-life exposure that air travel, with its security buffer zone, partially mitigates. Platform access is open, which means a principal can be approached by an adversary or hostile party at close quarters without warning. The counter-measures for executive rail travel are: use of First Class on major intercity routes (physical separation, reduced crowding, better phone signal for check-in maintenance); avoiding the same departure time on repeat journeys between the same city pair; using large-terminus private waiting facilities (First Class lounges at major UK termini, or Eurostar Business Premier); where the threat level warrants, arriving at the station under a close protection officer who conducts an advance of the departure platform and carriage, and meets the principal on arrival at the destination. RSSB Passenger Safety Research Note PRN 2024 documents that in the UK, assault incidents are disproportionately concentrated at interchange stations and on peak-hour services."

Q: "Which P1 cities have the highest rail and metro security risks?"

"Mumbai's suburban railway system (the Western, Central, and Harbour lines) is one of the world's busiest with approximately 8 million daily journeys. The 11 July 2006 bomb attacks exploited peak-hour crowding. Current risks include pickpocketing, platform crowding injury risk during surge events, and the general elevated criminal targeting environment. Mexico City's Metro system (Line 12 Tlahuac-Mixcoac partial collapse in May 2021, 26 killed, structural maintenance inquiry) has operational reliability and structural risks documented by CNDH in addition to the security environment. Istanbul's Metro (Marmaray, M1-M9 lines) operates in a city with elevated terrorism risk -- Terrorism (Protection of Premises)-equivalent Turkish regulations under Law No. 6458 apply to major stations -- with the airport and Taksim interchange as highest-risk points. Lagos has limited metro infrastructure (the Lagos Blue Line Phase 1, Kirikiri-Marina, opened 2023) but the operating environment on surface transport is high-risk. Karachi has no viable metro; road security on the way to any transport hub is the primary concern. For all P1 city rail environments, the specific risk is not the train itself but the approach, departure, and interchange -- the points where a traveller is exposed, predictable, and separated from support."

Security guide for executives using rail and metro systems. Covers 7/7, Madrid 2004, Mumbai 2006 lessons, Martyn's Law for major stations, BTP, and P1 city metro risk.

12 May 2026

Written by James Whitfield, Senior Security Consultant

Speak to the Team

Rail and metro systems are among the most heavily used transport infrastructure on the planet, and they are also among the least controlled. Unlike air travel, most rail networks apply no pre-boarding screening. Access to platforms is open. Passenger volumes at major interchange stations exceed the combined daily throughput of many regional airports.

For corporate travellers and executives using rail regularly – whether for London-to-Edinburgh business, Istanbul-to-Ankara ministerial meetings, or Mumbai suburban commutes – the absence of a visible security barrier does not mean the absence of risk. It means the risk management has to be personal rather than institutional.

The Attack History

Three attacks define the tactical template for mass-casualty violence at rail infrastructure:

Madrid, 11 March 2004. Ten improvised explosive devices detonated on four commuter trains during morning rush hour, targeting the approach to Atocha station. 191 people killed, more than 2,000 injured. The investigation – completed by the Spanish National Court – established that the attack was conducted by a cell with connections to al-Qaeda affiliates. The operational model was coordinated simultaneous detonations at maximum crowding, at a time when the network was packed with early commuters. The attack was the deadliest in European history since Lockerbie.

London, 7 July 2005. Four suicide bombers detonated devices on three London Underground lines – Circle, Piccadilly, and Hammersmith and City – and a bus in Tavistock Square. 52 killed, 700+ injured. The Intelligence and Security Committee (ISC) published its review in May 2009, examining the intelligence failures and response. The attack demonstrated that the Underground’s enclosed tunnel environment dramatically amplified casualty numbers, with rescue hampered by loss of communications underground and contaminated carriages requiring specialist CBRN decontamination assessment.

Mumbai, 11 July 2006. Seven bombs detonated in the luggage racks of first-class carriages on Mumbai’s Western Railway during the evening rush hour. 209 killed, over 700 injured. Maharashtra Anti-Terrorism Squad investigation attributed the attack to Lashkar-e-Taiba and the Students Islamic Movement of India. Mumbai’s suburban rail carries approximately 8 million passengers daily – the system was back to near-normal operations within hours due to the impossibility of shutting it down for an extended period.

The common tactical feature: timing designed for maximum occupancy, multiple simultaneous devices to overwhelm emergency response, and targeting of the interchange or high-density segment of the network.

Martyn’s Law and Rail Station Obligations

The Terrorism (Protection of Premises) Act 2024 – Martyn’s Law – will establish Enhanced duty obligations for premises with a qualifying capacity of 800 or more. Major UK railway termini fall within Enhanced duty. This creates obligations for the responsible person (in most cases the joint responsibility of Network Rail and the relevant train operating company) to:

Appoint a Senior Premises Manager with security accountability
Produce and maintain a Security Management Plan
Ensure staff complete NaCTSO-approved terrorism awareness training (ACT Awareness as the baseline)
Install and maintain hostile vehicle mitigation at vehicle-accessible pedestrian interfaces
Develop and exercise an emergency response procedure

The SIA will regulate compliance. This does not mean that every major UK station will have a new security programme from scratch – most already have substantial security arrangements. What Martyn’s Law does is formalise the obligation, create a regulatory inspection regime, and establish minimum standards that apply to all Enhanced duty venues rather than being subject to the discretion of individual venue operators.

British Transport Police (BTP) operates under the Railways and Transport Safety Act 2003 as the specialist force for the rail network. Its counter-terrorism capability – Counter Terrorism Specialist Firearms Officers deployed at major termini – is coordinated through the national CT policing framework under NPCC. BTP Annual Report 2024 recorded 91,267 crimes on the rail network in 2023-24, with violence against the person at 21,847 incidents.

Executive Rail Security Protocol

The personal security framework for an executive using rail regularly has three components:

Pattern-of-life discipline. A regular commute on the same train between the same two stations at the same time is a predictable exposure point. For most corporate travellers, this risk is managed by avoiding the most crowded services and keeping rail habits off social media. For principals where a specific threat exists, it requires active variation of departure times and use of alternate routes where feasible, even if less convenient.

Departure and arrival management. The approach to a major station and the departure are the points of maximum exposure – before the security infrastructure of the station is engaged, and before any waiting reception. A vetted driver for the station approach removes one exposure. Using First Class or Business facilities on arrival rather than lingering in the main concourse removes another. For principals with close protection, an advance of the arrival station – confirming the route, identifying any potential surveillance, confirming the vehicle position – is standard for threat-relevant journeys.

Journey-time awareness. Inside the train, the highest-risk positions are the vestibule areas near the doors (most crowded, most accessible, least defensible) and the positions visible through internal windows. First Class carriages provide separation from general crowding and better sightlines. On longer journeys, avoiding the routine of always being in the same carriage reduces targeting predictability.

P1 City Rail Environments

Mumbai. The suburban Western and Central lines carry some of the heaviest human traffic of any rail network. The first-class carriages operate on these routes and provide meaningful separation from the crush of general boarding. The 2006 bombings targeted first-class carriages specifically – suggesting that visible markers of comparative wealth created targeting priority. Current criminal risk includes pickpocketing at Churchgate and CST during morning and evening rush. OSAC Mumbai 2024 notes the station environment as moderate-risk for personal crime, elevated during festival periods.

Istanbul. The Marmaray tunnel (under the Bosphorus, opened October 2013) and the M1-M9 metro network provide reliable urban transit. Taksim Square and its metro interchange have been the location of multiple incidents including the June 2016 Ataturk Airport bombing (45 killed, Islamic State) which demonstrated the transit hub as a target category in the city. Elevated national terrorism risk (FCDO Turkey April 2026: Level 2, high likelihood of attack) applies to all crowded public spaces including stations.

Manila. The LRT-1, LRT-2, and MRT-3 lines operate in a high-density urban environment. Overcrowding is chronic, creating both personal crime opportunity and crowd safety risk during emergency events. The NBI has documented incidents of organised pickpocketing at Cubao and Doroteo Jose interchange stations. BGC and Makati-based executives typically avoid peak-hour public transit – vetted vehicle transport is the normal standard for business travel.

Mexico City. Line 12 (Tlahuac-Mixcoac) suffered a partial viaduct collapse in May 2021, killing 26 people. The structural safety investigation by CNDH and the Federal Government exposed systemic deferred maintenance across the network. Beyond the structural risk, the Metro operates in an environment where criminal targeting of passengers is documented by OSAC Mexico 2024. The combination of structural reliability concerns, crowding, and theft risk means most corporate travellers with access to alternatives use road transport.

Practical Steps

The RSSB Passenger Safety Research Note PRN 2024 identifies station interchange points as the highest-risk location for passenger assault on the UK network. For corporate travellers, this translates to a practical checklist:

Know the Run-Hide-Tell response for any station used regularly
Know the emergency exits – not just the normal entry/exit routes
Report suspicious behaviour to station staff or via 0800 789 321 (Anti-Terrorist Hotline)
Do not establish visible patterns of predictable rail usage
For P1 city rail travel, brief the journey as part of pre-travel security preparation – not as an afterthought

See the related article on terrorism awareness for corporate travellers for the broader organisational response framework. For managing the transition from airport arrivals to ground transport, see airport transit security for executives.

James Whitfield is a Senior Security Consultant with 20 years of experience in executive protection, threat assessment, and corporate security across the UK and internationally.

Summary

Key takeaways

Pattern-of-life disclosure is the primary rail security risk for executives

Rail travel creates a predictable exposure point: a known station, a known time, a known route. An adversary conducting hostile reconnaissance does not need to follow a subject for days -- a published regular London-to-Birmingham commute creates two fixed windows per day, five days per week. Varying departure times, using alternate routes when available, and avoiding establishing a publicly known rail routine addresses the primary targeting risk.

Mass-casualty attacks at rail termini target interchange points and peak hours

Madrid 2004, London 7/7, and Mumbai 2006 all targeted high-density points at maximum crowding. The tactical implications for corporate travellers are simple: avoid spending extended time in the concourse at major interchange stations during peak hours, move purposefully through transit points rather than stopping to wait in the main hall, and know the emergency exits in any station used regularly.

Martyn's Law will require major UK stations to have exercised emergency response plans

When the Terrorism (Protection of Premises) Act 2024 is fully in force, Enhanced duty venues -- including major railway termini -- must have a Security Management Plan and an exercised response procedure. For corporate security managers, this means the station venue has a defined response when something happens. Knowing the assembly point, the designated security contact, and the Run-Hide-Tell procedure at stations used frequently is a low-effort, high-value preparation step.

Private waiting facilities reduce exposure in large terminus concourses

Standing in the main concourse of a major station is the point of maximum exposure -- open access from all sides, high crowd density making surveillance difficult, and no perimeter control. First Class lounges, Eurostar Business Premier waiting areas, and private terminal facilities at some stations provide a controlled waiting environment. For principals where the threat level warrants enhanced precautions on rail, pre-booking lounge access and using a vetted driver for the station approach removes two of the three main exposure points.

P1 city rail environments need specific pre-travel intelligence, not generic awareness

Mumbai's suburban rail, Istanbul's Marmaray, and Mexico City's Metro each have distinct security profiles. A generic 'be aware in crowded places' brief does not address the specific risks of each. For P1 city rail travel, the minimum preparation is: current OSAC/FCDO advisory for the specific city, identification of the highest-risk interchange points, the local emergency number, and a known contact who can respond if a check-in is missed.

FAQ

Frequently Asked Questions

Mass-casualty terrorist attacks are the highest-consequence threat to rail infrastructure, as demonstrated by the Madrid Atocha/Alcala bombings of 11 March 2004 (191 killed, 2,000+ injured, al-Qaeda affiliate ETA denied), the 7 July 2005 London bombings (52 killed, 700+ injured, four bombs on three Underground lines and one bus, Intelligence and Security Committee Report 2009), and the Mumbai suburban railway bombings of 11 July 2006 (209 killed, 700+ injured, Lashkar-e-Taiba and SIMI, Maharashtra ATS investigation). These incidents established the model: multiple simultaneous devices at points of maximum crowding (rush hour, interchange stations), intended to maximise casualties. The secondary threat category is criminal targeting – phone and bag theft at platform edges and on crowded trains, pickpocketing in interchange concourses, and, in P1 cities, express robbery of passengers identified as high value by visible indicators (laptop bags, watches, luggage quality). A third and growing threat is infrastructure sabotage – including deliberate obstruction of track (documented in France, Germany, and the UK in 2022-2024) and cable theft. For corporate travellers, the personal crime threat is the most likely to affect them; the terrorism threat is low-probability but high-impact and merits awareness.

The Terrorism (Protection of Premises) Act 2024, commonly known as Martyn’s Law, came into force and will create two duty tiers based on venue capacity. Standard duty applies to premises or events with a capacity of 200-799 people; Enhanced duty applies to premises or events with a capacity of 800 or more. Major railway termini – London Waterloo (estimated 100 million annual passengers), London Victoria, London Bridge, Birmingham New Street, Manchester Piccadilly, Leeds, and Glasgow Central – will fall within the Enhanced duty tier. The Enhanced duty requires: a senior premises manager responsible for security; a Security Management Plan; staff terrorism awareness training (NaCTSO ACT Awareness is the baseline); hostile vehicle mitigation measures for vehicle-accessible interfaces; and an exercised emergency response procedure. The SIA will act as the regulator. Train operating companies (TOCs) will share responsibility with Network Rail for the station estate, and the regulatory relationship between them is being clarified in secondary guidance. For corporate travellers, this means Enhanced duty stations should have defined procedures and a visible security presence – but Martyn’s Law does not create personal security plans for individual travellers.

British Transport Police (BTP) is the specialist police force for the railway network in England, Scotland, and Wales, operating under the Railways and Transport Safety Act 2003. BTP’s jurisdiction covers offences occurring on railway premises, trains, and stations. Its armed response capability includes Counter Terrorism Specialist Firearms Officers (CTSFOs) and it leads on rail-related CT investigations under the national counter-terrorism policing framework coordinated by NPCC. BTP Annual Report 2024 notes 91,267 crimes reported on the rail network in 2023-24, with violence against the person and theft the two largest categories. BTP CT officers are deployed at major termini during periods of elevated national threat (UK threat level is assessed by MI5 and published by OSCT – currently ‘Substantial’ as of April 2026, meaning an attack is likely). For corporate travellers, BTP is the correct body to report security concerns on the rail network; suspicious behaviour should be reported to staff or via the Anti-Terrorist Hotline (0800 789 321). The See It, Say It, Sorted campaign is the public-facing reporting mechanism.

Rail travel creates distinct security considerations compared to air. There is no pre-boarding security screening at most stations (apart from Eurostar and some major US Amtrak hubs), which means the boarding environment is accessible without vetting. Departure and arrival times are published and predictable, which creates a pattern-of-life exposure that air travel, with its security buffer zone, partially mitigates. Platform access is open, which means a principal can be approached by an adversary or hostile party at close quarters without warning. The counter-measures for executive rail travel are: use of First Class on major intercity routes (physical separation, reduced crowding, better phone signal for check-in maintenance); avoiding the same departure time on repeat journeys between the same city pair; using large-terminus private waiting facilities (First Class lounges at major UK termini, or Eurostar Business Premier); where the threat level warrants, arriving at the station under a close protection officer who conducts an advance of the departure platform and carriage, and meets the principal on arrival at the destination. RSSB Passenger Safety Research Note PRN 2024 documents that in the UK, assault incidents are disproportionately concentrated at interchange stations and on peak-hour services.

Mumbai’s suburban railway system (the Western, Central, and Harbour lines) is one of the world’s busiest with approximately 8 million daily journeys. The 11 July 2006 bomb attacks exploited peak-hour crowding. Current risks include pickpocketing, platform crowding injury risk during surge events, and the general elevated criminal targeting environment. Mexico City’s Metro system (Line 12 Tlahuac-Mixcoac partial collapse in May 2021, 26 killed, structural maintenance inquiry) has operational reliability and structural risks documented by CNDH in addition to the security environment. Istanbul’s Metro (Marmaray, M1-M9 lines) operates in a city with elevated terrorism risk – Terrorism (Protection of Premises)-equivalent Turkish regulations under Law No. 6458 apply to major stations – with the airport and Taksim interchange as highest-risk points. Lagos has limited metro infrastructure (the Lagos Blue Line Phase 1, Kirikiri-Marina, opened 2023) but the operating environment on surface transport is high-risk. Karachi has no viable metro; road security on the way to any transport hub is the primary concern. For all P1 city rail environments, the specific risk is not the train itself but the approach, departure, and interchange – the points where a traveller is exposed, predictable, and separated from support.

Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.