The networks used in the Railway domain are usually heterogeneous, not enough protected and not fitted to the usual Cyber Security requirements in terms of sustainability, protection and attack detection. Furthermore, the quick evolution of the telecommunications, the threats and the sustainability aspects have to be taken into account in order to protect the Railway system. Cyber Security in general can be achieved through 2 main disposals: 1) a detection of threats from a monitoring of the environment followed by a detection of abnormal behaviors based on dedicated algorithms, and 2) an automatic system decides which reaction to take and finally apply this action (e.g. an alarm or a reconfiguration). Our approach aims at answering the questions: what happens if the automatic countermeasures fail, and therefore if and how the driver can detect or block the attack, or manage its consequences. It is based on the “human in the loop principles” and consists in testing the driver Situation Awareness in placing professional drivers and OCC operators (Operational Control Center) in a realistic simulator and playing scenarios involving attacks and observing their reactions. A preliminary methodology is proposed and discussed through concrete case studies.