Computer-based transit systems are increasingly large, distributed and heterogeneous; in one word: complex. Being 'complex' and 'open' systems, their protection against both natural faults and deliberate attacks is far from being trivial. In this paper, we report a survey of a ten years industrial experience in infrastructure and threat modelling for the assurance of reliability, safety and security in different phases of the life-cycle of rail transit systems. Described by a set of case-study applications, the experience highlights the importance of mastering advanced modelling paradigms through a strict and constant cooperation with universities and research institutes. Copyright © 2012 Inderscience Enterprises Ltd.