Abstract: A mature and complete ICT supply chain is a prerequisite for ensuring the security, controllability, and stable development of enterprise information infrastructure. At present, the railway information systems have basically achieved full coverage of key business scenarios in specalities. The security of the supply process during its design, development, deployment, and operation and maintenance stages has become an important factor in ensuring the long-term security and stability of railway transportation. Based on the characteristics of the railway information system supply chain and the current situation of security risk management, this article analyzes and identifies supply chain security risks in railway information systems, and proposes specific measures to strengthen risk control throughout the entire lifecycle of railway information systems and improve supply chain security management.