Abstract: This article analyzed the security of China Railway Information System, proposed a top level concept for the construction of the Railway Information Security System, three-layered protection architecture which was consisted of the subsystem of secure application environment, the subsystem of boundary protection, and the subsystem of communication network protection. The System was based on the support of railway security management center and the PKI/CA(Public Key Infrastructure/Certificate Authority) certificate authority. The TRS(Ticketing and Reservation System) was taken as an example to test the applicability.