
WASHINGTON — The federal cybersecurity agency issued an advisory last week regarding a vulnerability in end-of-train devices that could allow an attacker to gain control of a train’s air brake system.
“Successful exploitation of this vulnerability could allow an attacker to send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train which may lead to a disruption of operations, or induce brake failure,” the Cybersecurity & Infrastructure Security Agency warned on July 10.
End-of-train devices collect brakeline pressure data and send the information via radio signal to a head-end device aboard the locomotive, allowing the engineer to monitor the braking system. EOTs also relay data about whether the rear end of a train is stopped or moving forward or backward.
The devices send regular telemetry about every 40 seconds but will immediately send a signal if they detect a change in train status.
CISA is unaware of any attempts to exploit the vulnerability in the EOT communications system.
The Association of American Railroads, which sets standards for the industry, is pursuing new technology to replace the current brake monitoring system.
“The standards committees involved in these updates are aware of the vulnerability and are investigating mitigating solutions,” CISA said. “The AAR Railroad Electronics Standards Committee (RESC) maintains this protocol which is used by multiple manufacturers across the industry, including Hitachi Rail STS USA, Wabtec, Siemens, and others. Users of EoT/HoT devices are recommended to contact their own device manufacturers with questions.”
The cybersecurity agency recommended that railroads take defensive measures to mitigate the risk of an attack on an EOT system.
The specific vulnerability, CISA said, is weak authentication. Using the Common Vulnerability Scoring System, the agency assigned a score of 8.1 to the EOT weakness, which puts it into the high severity category. The numerical scores are assigned to one of four categories: low, medium, high, and critical.
The AAR says it’s focused on making security improvements as it incorporates new technologies and equipment.
“As the railroad industry looks to the future, every operational strategy, safety protocol, and piece of equipment is viewed as an opportunity to enhance performance and safety. Accordingly, railroads have, and will continue to, put concerted effort into advancing next-generation End-of-Train devices and the technical standards that govern them,” spokeswoman Jessica Kahanek said in an email. “Next generation devices and standards have the potential to significantly improve communication between lead locomotives and the end of the train, securely enhance reliability, and streamline operations.”
More broadly, AAR has supported CISA and Department of Homeland Security initiatives that focus on identifying vulnerabilities in equipment and developing mitigation strategies to reduce risks.
“This collaboration will lead to the evaluation of a wide array of technologies and equipment and the ultimate hardening of critical infrastructure, ensuring the safe delivery of freight for customers across the network,” Kahanek said.
Note: Updated at 3:05 p.m. Central with comment from AAR.
As an 18-year-old I held a TS/SCI security clearance in the Army; think loose lips sink ships. I’m troubled whenever I hear “well we’ve discovered this security issue.” Nothing like sharing intel.
What about DPUs? Maybe they should put all the power back on the head end.
Although not as high tech but just as disruptive is a youngster running behind a slow moving train and pulling an unsecured EOT off.
This is a serious issue. If a hacker got access to a FRED beacon they could put the train into emergency and looters can break into the cars and steal the cargo. This is why everyone from Wabtec to all of the major locomotive manufacturers needs to investigate this so we protect this vital system so it does not get hacked. Wabtec invented the brake system; they will know what to do. After all, Wabtec has been putting the brakes on trains since 1869.
I always thought that using 600+ VDC of diesel-electric traction motor voltage to overcome extended long freight train lengths’ line losses could be a possibility, transmitted in M.U.-type cabling running parallel to the air brake pipe and gladhand hose lines in every piece of rolling stock, for the purpose of quick airbrake (de)activation.
But apparently the airbrake industries have other ideas. http://www.railway-technical.com/trains/rolling-stock-index-l/train-equipment/brakes/electro-pneumatic-brakes-d.html
This is reminiscent of the Y2K scare. The problem was known for years, and yet nothing was done until it became a crisis. Why change now?
Nothing like advertising to the world that there is weakness in security. Hopefully the hackers of the world don’t read Trains Magazine. This is probably a low priority for the hackers; they are too busy causing bigger problems.
Note that although this security issue has been known in the railroad industry and was even discussed in a 2005 paper, it remains unresolved in North America’s railway control systems to this day.
Dr. Güntürk Üstün
Gorgeous cabooses… Gone but not forgotten.
Dr. Güntürk Üstün
Bring back the caboose! Can’t hack a real person, the brakeman.