The networks used in the Railway domain are usually heterogeneous, not enough protected and not fitted to the usual Cyber Security requirements in terms of sustainability, protection and attack detection. Furthermore, the quick evolution of the telecommunication means, the threats and the sustainability aspects have to be taken into account in order to protect the Railway system. The paper presents the first contributions on Cyber Security for railways that can be divided into three main aspects dealing with the Cyber Security of the wireless part of the railway communication system: detection, decision and Human-in-the-Loop. Part of the work will be devoted to the development of an Open Pluggable Framework (OPF). The OPF is a software framework based on automation principles. It monitors the environment, then some algorithms detect abnormal behaviours, and next, OPF decides which reaction to take and finally apply this action (e.g. an alarm or a reconfiguration). The last part 'human in the loop' aims at answering the questions: what happens if the automatic countermeasures fail and how the driver can cope with the attack consequences. It consists in placing professional drivers and Central Traffic Control operators in a realistic simulator and playing scenarios involving attacks and observing the reactions of the professional drivers. A preliminary methodology is proposed and discussed through a concrete case study.