Subscribe
Commentary
March 11, 2025|Class I

Keeping UP Safe From Cyberthreats

Written by Rick Holmes, Assistant Vice President of Information Assurance and Chief Security Officer, Union Pacific
(Union Pacific Photograph)
(Union Pacific Photograph)

Cyber risk management is complex. In the past year alone, our layers of defense stopped over 2 million pieces of malware from reaching Union Pacific (UP) devices. Our team of cybersecurity experts analyzes vast amounts of data, monitoring 30,000 alerts and conducting 500 deep-dive investigations annually. The result? No successful malware incidents in over seven years.

Rick Holmes, Assistant Vice President of Information Assurance and Chief Security Officer, Union Pacific (UP Photograph)

As head of UP’s information security and disaster recovery programs, my journey began in 1997 after five years in technology audits. Everywhere I looked, I saw opportunities for improvement. That’s when Rich Grunwald, then Vice President of Technology, pulled me aside and said, “I’m tired of reading your reports. Come fix the problems.” Twenty-eight years later, I’m still at it.

With countless malicious actors constantly probing for weaknesses, we must be exceptionally skilled at identifying and stopping them. This level of vigilance has its trade-offs. Employees sometimes get frustrated when denied access to installing software or accessing blocked websites. While some see us as the “department of no,” our job isn’t to hinder access but to shield employees and the company from threats.

Cyberattacks aren’t just a Tech Department issue; they pose real risks to train operations, financial security and sensitive data. Threat intelligence reports for 2024 indicate that global attacks have surged 30% year over year, and AI-driven threats are becoming increasingly sophisticated. The pressure to stay ahead has never been greater.

Our top priority is keeping UP’s operations secure. We do this by proactively identifying threats and implementing preventative mitigations, investing in advanced detection capabilities and continuously preparing for worst-case scenarios. We conduct simulated cyberattacks to test system resilience and assess financial impacts. Additionally, a select internal team—unbeknownst to the rest—routinely attempts to breach our own systems to keep our defenses sharp.

Cybersecurity is a never-ending challenge, but our commitment remains unwavering. By staying proactive and adaptive, we ensure UP’s network remains one of the most secure in the industry—protecting our employees, customers and the U.S. supply chain every day.

This article first appeared on the Inside Track section of the UP website.

Related Articles

April 2, 2026|Intercity

Amtrak, Union Pacific Settle Sunset Limited Dispute (Updated April 2, 2026)

“Station accessibility is a core part of SEPTA’s capital program,” said SEPTA CEO and General Manager Leslie S. Richards (pictured, center). “With the opening of the new Conshohocken Station, we are one step closer to reaching our goal of making SEPTA easier to use and more accessible to all.” (SEPTA Photograph)
April 2, 2026|Passenger

Transit Briefs: SEPTA, Amtrak

Norfolk Southern locomotives, led by 6920, the “Veterans Engine,” hauling Northrop Grumman SLS rocket components for Artemis II: Mission to the Moon through Atlanta, Ga.
April 2, 2026|Class I

Three Railroads and a Moon Shot (Updated April 2, 2026)

From left to right: Kristen Monaco, Director of the STB Office of Economics; Warren Randolph, Chief Data Officer at the NTSB; and Jen Adler, Director of the NTSB Office of Safety Recommendations and Communications.
April 2, 2026|News

People News: NJDOT, Alstom, Miner

April 2, 2026|Class I

Class I Briefs: BNSF, NS