Abstract: This paper targeted the problems of diverse threats, difficult hazard assessment and insufficient pertinence of existing emergency plans faced by railway critical information infrastructure under extreme scenarios. It carried out research on extreme scenario identification, defined the connotation and boundary of extreme scenarios, and established a "five-dimension and three-level" scenario classification and grading model, which transformed vague cognition of extreme scenarios into risk objects capable of accurate profiling and hierarchical management. This paper put forward the overall framework of special emergency disposal for railway critical information infrastructure, and formulated corresponding special emergency disposal mechanisms targeting four typical extreme scenarios including cyberattack, supply chain risks, business system failures and natural disasters. The research findings improve the cybersecurity emergency response system for critical information infrastructure in the railway industry theoretically, and provide a systematic construction framework and implementable technical paths at the practical level. They can be widely applied to top-level security planning of railway operating institutions as well as emergency disposal practices during major security guarantee periods.