Modern smart railways leverage advanced digital tools like AI and 5G to improve efficiency, yet this connectivity introduces significant cybersecurity risks. These systems are uniquely vulnerable because they integrate legacy hardware from past decades with modern, internet-facing networks, expanding the potential for attacks. Critical issues include the lack of encryption in older protocols and a cultural divide between fast-moving tech security and conservative safety standards. To combat these threats, operators are adopting zero-trust architectures, quantum-safe encryption, and AI-driven monitoring to detect operational anomalies. Furthermore, new government regulations in the US and Europe are transforming security from a voluntary choice into a mandatory, audited requirement for the industry.