Digitalisation is changing the railway globally. One of the major concerns in digital transformation of the railway is the increased exposure to cyberattacks. The railway is vulnerable to these cyberattacks because the number of digital items and number of interfaces between digital and physical components in these systems keep growing. Increased number of digital items and interfaces require new methodologies, frameworks, models, concepts, and architectures to ensure the railway system’s resilience with respect to cybersecurity challenges, such as adoption and convergence of Information Technology (IT) and Operational Technology (OT) technology within the railway. This convergence has brought significant benefits in reliability, operational efficiency, capacity as well as improvements in passenger experience but also increases the vulnerability towards cyberattacks from individuals, organizations, and governments. This paper proposes a methodology on how to deals with OT security in the railway signalling using failure mode, effects and criticality analysis (FMECA) and ISA/IEC 62443 security risk assessment methodologies.