Cybersecurity, Public sector

About ČD-Telematika:

  • ICT and digital services subsidiary of České dráhy (ČD), the Czech national railway carrier
  • Operates the second-largest optical fiber network in the Czech Republic (3,500+ km)
  • 500+ employees with a 30+ year track record in IT security
  • Provides critical cybersecurity, IoT, and data transmission services to the Czech Ministry of Transport and state agencies
  • Became a Dataminr customer in January 2026 through T-Soft, Dataminr’s Czech partner/distributor

As the digital backbone of Czech national rail, managing over 3,500 km of fiber optic network and providing critical services to the Czech Ministry of Transport, ČD-Telematika (ČD-T) sits at the intersection of two of the most targeted sectors in modern cyber operations: transportation and government.

We spoke to Josef Stemprok, ČD-T Security Analyst, and Peter Valenta, ČD-T Security Manager, to understand how Dataminr for Cyber Defense has enabled their team to expand ČD-T’s security operations center (SOC) from an internal cost center into a regional SOC-as-a-Service provider.

The Challenge: Managing Threats Across a Fragmented Intelligence Landscape

Before Dataminr, ČD-T’s analysts relied on a manually assembled patchwork of open-source tools — cycling through vendor publications, Feedly RSS feeds, Telegram channels, and dozens of websites each day. There was no centralized view or threat prioritization.

“It was very complicated and messy. We had a lot of tools to go through and a lot of websites that we had to read through,” said Stemprok.

According to Stemprok, threat actors on Telegram compounded the problem by regularly rotating their channels — making consistent monitoring nearly impossible. CTI tasks alone were consuming 10 to 15 analyst-hours per week, with no guarantee that the most critical threats were being surfaced.

Prior to using Dataminr, the ČD-T team also lacked a mechanism to detect threats in real time. Events like attacks on government institutions and emerging exploits targeting their technology systems went undetected until they surfaced in the news, by which point the window for proactive response had closed. ČD-T knew this reactive posture was unsustainable.

The Solution: A Single Intelligence Layer for the Modern SOC

Through its existing relationship with T-Soft — Dataminr’s Czech partner and distributor — ČD-T gained access to Dataminr for Cyber Defense and deployed the solution during a six-week Proof of Value, targeting four core use cases: vulnerability management, zero-day detection, geopolitical and sector-aware monitoring, and analyst efficiency. Within the first weeks, the team quickly saw the value of the tool.

“From the get-go, Dataminr was much easier to use than what we had been doing before. It merged all the alerts and intelligence into one place, which made either vulnerability management or watching over cyber threats much easier than going through each source separately,” said Stemprok. “You have a single point to monitor everything you need.”

Flash and urgent alert tiers also gave the team immediate triage guidance: the ability to discern whether an alert is a critical active threat requiring immediate attention or a less time-sensitive incident. That clarity, previously nonexistent, changed how the team operated.

Two zero-day vulnerabilities surfaced during the PoV itself. By the time the team formalized their procurement, the tool had already moved from “something to evaluate” to “something we cannot operate without.”

Three Key Benefits of Using Dataminr for Cyber Defense

No. 1. First to Know Before the News and Advisories

ČD-T now routinely receives relevant and accurate threat intelligence in real time before it surfaces in mainstream media or vendor disclosures. The Cloudflare outage in November 2025 illustrated this clearly: while news outlets covered it the following day, ČD-T had confirmed and assessed the situation within an hour.

“All the mainstream media knew about the Cloudflare outage the day after. We learned about it in an hour after going through and reviewing Dataminr alerts,” said Stemprok.

When geopolitical events like the Iranian conflict created new threat vectors, Dataminr published a page with five queries within 48 hours to help customers monitor Advanced Persistent Threats (APTs) and emerging vulnerabilities, delivering immediate context without requiring manual research from the team. When asked whether Dataminr is now their first source of information on emerging threats, Stemprok immediately confirmed that it is 100% of the time.

No. 2. Sector-Aware Intelligence Built for Critical Infrastructure

As part of Czech critical infrastructure, ČD-T faces a threat landscape that extends well beyond their own perimeter. State-sponsored actors targeting Czech government institutions, adjacent transportation networks, and EU infrastructure can all represent indirect risk to the railway’s digital operations. Dataminr gave the ČD-T team the contextual awareness to assess those risks in real time.

“We are able to monitor not only us but also the adjacent government. Since we are part of the critical infrastructure in the Czech Republic, we can monitor if there is an attack against a government institution, and from that, we can decide if we are possibly under attack or not,” said Stemprok.

Czech-governance-specific alerting was configured to surface threats relevant to ČD-T’s unique regulatory and operational context — monitoring not just what’s happening globally, but what matters specifically to a Czech critical infrastructure operator. The team also adopted a proactive approach to indicator-of-compromise (IOC) hunting: when Dataminr identifies relevant IOCs, analysts actively search for matches in their SIEM.

No. 3. Win-Win Efficiency: More Intelligence, Less Manual Work

The impact on analyst productivity was immediate and measurable. CTI tasks that previously consumed 10 to 15 analyst-hours per week now take a fraction of that time — while surfacing significantly more intelligence than the previous manual approach.

But it’s not simply about saving time: Dataminr enables the team to redirect resources more effectively.

“For me as an analyst, Dataminr has given me more information. For Peter as a manager, Dataminr helps him to have less man-hours. So it’s a win-win for both of us,” said Stemprok. 

“We spend less hours threat monitoring every day, but we already get much more information than we could collect manually before. We have more time to do more productive stuff,” said Valenta.

Building a SOC Fit for the Next Generation of Czech Critical Infrastructure

With the SOC expanding into a regional service offering, the team is already exploring how Dataminr’s supply chain and third-party risk monitoring can scale to cover hundreds of suppliers. Dark web credential monitoring is another area of growing investment: ČD-T has already detected domain-specific credential leaks that would have gone unnoticed with previous tooling, and sees this use case as increasingly critical as the threat landscape matures.

Dataminr for Cyber Defense

Transform intelligence into a preemptive cyber advantage from first signal to risk-prioritized action.

June 30, 2026