Abstract: In order to implement the protection requirements of China's critical information infrastructure, fulfill the main responsibility of critical information infrastructure operators, and give full play to the value of safe operation, the paper analyzed the business characteristics and protection status of railway critical information infrastructure according to the requirements of the National Key Information Infrastructure Security Protection Law, with reference to relevant technical standards, and put forward the thoughts of continuously strengthening the construction of five security protection capabilities, namely, identification, security protection, monitoring and early warning, event handling, detection and evaluation from the four levels of business application, information system, important data and infrastructure. It can provide theoretical reference for the safety protection of railway critical information infrastructure.