“Those are questions that have been raised at the highest level to the lowest levels. Those are continuously being audited and addressed every single day and will be as long as there are people on trains and they’re going through areas where people live,” says Jim McKenney, technical director at NCC Group’s Transportation Assurance Practice.
Unlike other critical infrastructure, such as energy or water management systems, rail networks have avoided specific cybersecurity regulations as lawmakers have focused many of their recent efforts on safety due to high profile crashes, says Jesus Molina, director of business development, for Waterfall Security Solutions.
“There is no question that a PTC-rollout without managing the cybersecurity risk will open new attack vectors due to increased connectivity and new software added to the networks and onboard train,” Molina says. “In these cases, PTC may actually decrease the safety of passengers due to an unacceptable increased risk of cyberattacks that may lead to accidents.”
Railroads are installing PTC on nearly 57,848 route miles and on 19,912 locomotives, according to numbers from federal agencies.
“The use of IT-focused security tools, in particular, software tools, such as firewalls, to protect control critical networks is a huge mistake, and with increasingly connected rail networks, it is becoming a dangerous trend,” Molina says. “The focus of critical control networks is to be reliable and safe, and IT tools meant to protect data and confidentiality are not suitable to defend them.
“The most secure rail sites are not concerned with the steadily increasing sophistication of cyber-attacks, nor with the steadily increasing rate of disclosure of new attack vulnerabilities in control systems, network, firewalls and other security software,” Molina added. “This is because the most secure sites protect their automation systems from cyber-attacks physically, with hardware-based solutions such as unidirectional security gateways.”
Unidirectional security gateways are, as the description implies, computer devices that allow information to flow in only one direction, rather than backward.
Experts seem to agree that cybersecurity concerns around PTC are part of a larger discussion, said Allan Rutter, a former Federal Railroad Administration administrator.
“The railroads’ cybersecurity challenge isn’t unique to PTC,” Rutter says. “It has to do more with the expansion of technology and wayside measurement and train control system and vehicle tracking. Their concerns about cybersecurity cover the entire waterfront of everything they do. And PTC is a subsystem, but I think their cybersecurity concerns are broader and wider than that.”
The topic has caught the attention of lawmakers, who broached the subject during a May hearing on state-owned enterprises in public transit and freight rail.
“Any disruption or corruption to these functions or to our transportation network as a whole would have a debilitating effect,” U.S. Rep. Sam Graves, R-Mo., ranking member on the Committee on Transportation and Infrastructure, said in his prepared remarks.
“Bad actors” have successfully compromised rail networks in Denmark, the United Kingdom, Germany, Poland, and the United States, Molina says.
“The targets for most of these breaches was to install malware and ransomware for financial gain, but once a system has been breached, more sophisticated targets, including cyber-physical, rather than pure IT, are possible,” Molina said.
“New targets will start appearing once these actors find a reason to go beyond the IT system, and the new payloads after a successful network breach may include modifying signaling systems to cause collisions, or forcing a malfunction in the software at the control center to impair service,” Molina added. “The question is not if payloads threatening safety will appear, but when.”
And, what happens when a bad actor hacks into a railroad’s PTC system?
“A malicious cyber breach of PTC or underlying existing rail signaling systems could wreak havoc and cause accidents or derailments on the highly interdependent freight railway network,” retired U.S. Army Brig. Gen. John Adams, president of Guardian Six, said in prepared testimony to the House Committee on Transportation and Infrastructure.
Since PTC does not allow for operating a train, hacking the system might merely bring trains to a halt.
“With positive train control, if you quote-unquote break into or hack into positive train control, you will probably break a component, which is going to cause a train to stop,” McKenney said. “It’s a very complex set of paths that you must really contemplate and have a lot of information, a lot of very specific technologies and skillsets to even contemplate trying to quote-unquote hack into positive train control and cause it to not stop a train and cause a derailment or cause a head-on train collision.”
anything with a computer is subject to hacking, that’s why a friend tells me to keep my classic ’66 Chevy gassed up as it has no computer under hood and will be ok, but not for too long as gas pumps are probably all computer operated.
What are they going to do? Hack into it and change the speeds?
If they set the speeds lower than normal, they’re only delaying trains by making them go slower. If they set the speeds higher then the engineer is just going to follow his/her speeds based on timetables.
In both situations if they fail to conform with a number of speed changes it will result in the system being declared a failure and cut out, which is already common practice with these since the system has rolled out.
So what are we worried about here???
If there’s someone out there who thinks the PTC system won’t get hacked and that the result will be, at best, chaos and at worst a major wreck, I’ve got a bridge between Brooklyn and Manhattan going cheap I’d like to sell you..
Roger Keay,
The answer to your question is ALL OF THEM, it would only be possible to isolate those systems just like others that could cause havoc by having your own network..,and it can’t be land-line, microwave or satelite based…guess what, it’s impossible to isolate a network unless it’s only inside one location without outside access.
In medicine, I am entertained that the feds required electronic records, and are now fining healthcare systems for inadequately securing said mandated systems… oh, and the feds also said that electronic records would save money and improve safety, neither of which has been proven to be true so far…
So many parallels with PTC., which is operating about a decade behind the healthcare mandates… this is all interesting to watch unfold!
How about isolating train control systems from computer threats by using track occupancy based block signals and non-computer based proprietary CTC networks? Wait, that was tried already and it worked for only 75 years or so . . . .
No foolin’.
We had a rule in the Marines when I was in during the Jurassic Age…
“NEVER put anything out over the electromagnetic spectrum you don’t want someone to hear!”
I still live by that, especially in this electronics-addicted age we live in.
Mark my words boys n’ girls, we’re heading for a “Digital ‘Titanic'” one of these days. I hope I’m wrong…
You’d think the same thing would have happened with the air traffic control system by now.
It will make for a great movie tho…
Trrrsss (and assorted evil doers, backed by Putin and Kim) hijack a long-distance Amtrak train, loaded with foamers and (mostly rich) old people with nothing better to do, and run the train around the entire country issuing demands (like edible food. One trrrsss is quoted after the hijacking as saying: “I thought these LD trains had edible food!, It was worse than Denny’s! I never would have volunteered for this had I known the quality of these Amtrak dining cars.”). After 30 days on the road, nobody actually misses the foamers and (mostly rich) old people with nothing better to do, as everybody assumes they are just stuck on another LD train that is probably late.
The trrrrsss are flummoxed, and go home.
The train arrives safely (altho, somewhat latter than expected and in the wrong city, but nobody gives this a second thought as it’s an Amtrak LD train, so – really – what did they expect).
After the hijacking, one of the trrrrsss is quoted as saying: “We’ve got better trains than this in OUR country. This train was like something out of an old Hollywood movie. I couldn’t believe how slow it was. I asked a few of the old-people, who seemed to have nothing better to do than sit on a train, as to why the train was so slow? And he said: ‘High speed trains are just for socialists who hate freedom, so it’s patriotic to like slow trains.’ ”
Compromising a control system like PTC is much more difficult if it does not connect with the public internet. The hacker must obtain physical access to the network which is more difficult than sitting thousands of miles away at a computer terminal. I wonder how many of the compromised rail networks mentioned above were accessible from the internet?
As was said in a movie, “BE AFRAID, BE VERY AFRAID”
Just like the elimination of manned towers, stations and cabooses did for the onslaught of vandalism.
We knew this even before the legislation was passed. This is not news.