Abstract:
As the information systems of railway enterprises become increasingly open and interconnected, supply chain attacks have become one of the main challenges to railway enterprises' network security. At the same time, the rapid development of cloud computing and the mobile Internet has blurred the traditional internal and external boundaries of enterprise networks, and the traditional network security protection model finds it increasingly difficult to cope with a variety of complex and changeable attacks. Based on the concept of zero trust and drawing on attack and defense drills on railway enterprise networks, this paper discusses the application of the software-defined perimeter (SDP) model to guard against supply chain attacks. The SDP controller is deployed within the railway network security management center and consists mainly of the traffic detection module, the rule control module and the traffic time characteristic analysis module. These three modules work together to assist the unified log management platform in performing fine-grained dynamic access control over the interactions between the railway information systems and external systems, so as to cope effectively with supply chain attacks and thus build a more secure network security protection system for railway enterprises.