How NIL Trained Caltrans to Secure California’s Highways with Cisco Cyber Vision

A real-world approach to protecting operational technology in transportation and beyond that combines the Cisco Cyber Vision platform with NIL’s security expertise.

“In a world where industrial systems and operational technology are increasingly interconnected, we face growing cyber threats that can compromise critical infrastructure. Traditional IT security solutions are no longer sufficient.”

The California Department of Transportation (Caltrans) manages one of the world’s most complex transportation ecosystems, which includes the freeway and expressway system as well as public transportation networks, including Amtrak California.
With 12 operational districts, live traffic management centers, and thousands of connected road assets (from traffic signal controllers and ramp meters to dynamic message signs and pedestrian push buttons), Caltrans manages everything that keeps California moving.

THE CHALLENGE

When uptime is the only metric that matters

Industrial networks like those in transportation face a unique risk profile that traditional IT security tools simply cannot address:

The NIS2 reality check

For European organizations, the stakes just got higher. The EU NIS2 Directive (enforced October 18, 2024) mandates cybersecurity readiness across 350,000+ organizations, including energy, transport, manufacturing, and digital infrastructure sectors.
Penalties are severe:

  • Essential Entities: Up to €10 million or 2% of annual global turnover.
  • Important Entities: Up to €7 million or 1.4% of annual global turnover.
  • Management liability, suspension of certifications, and mandatory 24-hour incident reporting.

The message is clear: compliance is no longer optional, and ignorance is not a defense.

THE SOLUTION

From blind trust to total visibility: the 4-step journey to industrial network security

NIL, as part of the Conscia Group and a leading Cisco partner, architects OT security transformations following a proven methodology:

Step 1: Build a security foundation
Define the IT/OT boundary with Cisco Secure Firewall, establishing an industrial DMZ that segments enterprise networks from operational zones without disrupting production.

Step 2: Gain visibility & device posture
Deploy Cisco Cyber Vision sensors throughout the network to turn the network itself into a security sensor.

Step 3: Segment network into zones of trust
Using Cisco ISE, enforce micro-segmentation within the OT environment, isolating zones based on the Purdue model (Cell, Area, Control) to contain threats.

Step 4: Integrated incident investigation
Feed OT security events into Cisco XDR for unified threat investigation and orchestrated response across IT and OT environments.

How Cisco Cyber Vision works

Cyber Vision sensors are deployed at two critical vantage points:

  • At the edge: Monitoring East-West traffic between OT devices
  • At aggregation: Monitoring North-South traffic crossing the IT/OT boundary

These sensors collect industrial network traffic passively (and query devices actively when needed), decode industrial protocols using Deep Packet Inspection to extract meaningful metadata, and send lightweight metadata to the Cyber Vision Center for analysis and visualization.
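As an added illustration (not Cisco's or NIL's code, and not a description of Cyber Vision internals), the sketch below shows what reducing an industrial protocol to lightweight metadata looks like for Modbus/TCP requests, followed by a check of decoded writes against a documented baseline. The sample frames, the 192.0.2.x addresses, and the `documented_writers` set are constructed assumptions.

```python
import struct

# Function codes from the public Modbus Application Protocol specification.
FUNCTIONS = {
    1: ("Read Coils", "read"), 2: ("Read Discrete Inputs", "read"),
    3: ("Read Holding Registers", "read"), 4: ("Read Input Registers", "read"),
    5: ("Write Single Coil", "write"), 6: ("Write Single Register", "write"),
    15: ("Write Multiple Coils", "write"), 16: ("Write Multiple Registers", "write"),
}

def decode_request(payload: bytes):
    """Reduce one Modbus/TCP request to a metadata dict; None if it is not valid Modbus."""
    if len(payload) < 8:                      # 7-byte MBAP header + function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; the length field counts unit id + PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    code = payload[7]
    name, kind = FUNCTIONS.get(code, (f"Function {code}", "other"))
    meta = {"transaction": tid, "unit": unit, "function": name, "kind": kind}
    if code in FUNCTIONS and len(payload) >= 10:
        # For these requests the first two PDU data bytes are the start address.
        meta["address"] = struct.unpack(">H", payload[8:10])[0]
    return meta

def review_flows(frames, documented_writers):
    """frames: (src_ip, dst_ip, payload) tuples observed going to TCP/502."""
    findings = []
    for src, dst, payload in frames:
        meta = decode_request(payload)
        if meta is None:
            findings.append((src, dst, "non-Modbus payload on port 502"))
        elif meta["kind"] == "write" and src not in documented_writers:
            detail = f"undocumented writer: {meta['function']} at address {meta.get('address')}"
            findings.append((src, dst, detail))
    return findings

# Constructed sample traffic: hand-built frames, documentation-range addresses.
READ_REGS = bytes.fromhex("00010000000601030000000a")   # read 10 registers from 0
WRITE_REG = bytes.fromhex("0002000000060106001000ff")   # write register 16
SAMPLE = [
    ("192.0.2.10", "192.0.2.50", READ_REGS),
    ("192.0.2.10", "192.0.2.50", WRITE_REG),
    ("192.0.2.99", "192.0.2.50", WRITE_REG),
    ("192.0.2.77", "192.0.2.50", b"GET / HTTP/1.1\r\n"),
]
if __name__ == "__main__":
    print(review_flows(SAMPLE, documented_writers={"192.0.2.10"}))
```

Only the two flows that deviate from the baseline are reported: a write from a host that is not a documented writer, and a payload on port 502 that does not parse as Modbus.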

The Caltrans Architecture: From Field to State

For Caltrans, NIL designed a multi-layered visibility architecture:

  1. Edge sensors at traffic controller cabinets, count stations, and camera aggregators capturing the East-West traffic between field elements that IT firewalls never see.
  2. District Cyber Vision Centers converting raw metadata into actionable intelligence for each of the 12 districts.
  3. Global Cyber Vision Center installed at Sacramento HQ, correlating threats across all districts so no blind spot becomes a systemic failure.

Once the sensors were live, Caltrans’ hidden world surfaced immediately. Cyber Vision inventoried every signal controller, camera, and message sign, but more importantly, it exposed the unknowns: unauthorized devices, forgotten systems still active on the network, and protocols in use that no one had documented.

By implementing Cisco Cyber Vision with NIL’s industrial security expertise, organizations achieve:

NIL Learning: training built from real OT deployments

The 4-step methodology above isn’t just theoretical. Our Cisco-certified instructors (including CCSI and CCIE engineers) train your team on the actual traffic patterns, failure modes, and compliance scenarios they will face in day-to-day operation.

We teach your team to:

  • Decode industrial protocols (Modbus, DNP3, BACnet) that standard IT tools mislabel.
  • Interpret OT anomalies under pressure.
  • Build defensible compliance documentation that satisfies NIS2 incident reporting.
  • Operate in production environments where uptime is non-negotiable and a false positive can cost more than a missed alert.

THE COMPLIANCE

What NIS2 actually requires vs. what most organizations are buying

A tool without trained operators creates a false sense of compliance. When the 24-hour incident notification clock starts ticking, your team needs to know which alert is critical, which protocol is abnormal, and which log satisfies the follow-up report. Technology buys you data. Training buys you defensible expertise.

Take the next step
NIS2 compliance deadlines are active. OT threats are evolving. The organizations that will pass audits aren’t just the ones with the right tools; they’re the ones with teams who know how to use them.
NIL Learning has trained Cisco professionals for over 30 years. Our Cisco Cyber Vision and OT Security courses don’t just teach features; they teach your engineers to recognize industrial protocols, interpret OT anomalies, and respond to threats in environments where uptime is non-negotiable.

Train your team before the incident trains you.