The Transportation Security Administration (TSA) has just released reports on a cyber attack which occurred on December 1st of this past year. Northwest Rail Company’s computers were compromised and subsequent train schedules were delayed. Apparently no lives were put in danger. The following day another event took place however; the TSA has yet to disclose the nature of the action.
It is not clear what the intent of these hacks was, but clearly the events have drawn some attention to the issue of security for railways and other public transportation which can be controlled via computer systems. A meeting held on december 20th was attended by the Association of American Railroads, the Boeing Company, Indus Corporation, and representitives from the FBI, Homeland Security, and the TSA. The focus of the meeting was communication and, “…. to bring, at a higher level, an understanding of the national impact to cyberattacks,” said Steve Carver, an aviation industry consultant.
“Amtrak and the freight rails needed to have context regarding their information technical centers” said TSA officials in a memo about the incident. Furthermore they explain, “Information stating the incidents were a targeted attack was not sent out” .
“The processes set in place for government to work with the industry in real-time communications regarding a cyber event aligned superbly,” claims a recap about the meeting.
Meanwhile in Germany, Stefan Katzenbeisser, a professor at Technische Universität Darmstadt warns of the risk of attack by hackers on their rail systems.
“Trains could not crash, but service could be disrupted for quite some time…denial of service” hacks are one of the easiest forms of cyber terrorism. He insists that security keys for the coordination of railway operating systems must be made more secure in order to preserve the integrity of the system already in place.
The TSA reports, “Cyberattacks were not a major concern to most rail operators”. We know the government has made progress in defending against cyber terrorism, obviously it has not trickled down to all sectors of the transportation industry. I think most people’s perception would be that the TSA is fixed on the Airline industry in regard to regulation and security. The information is scarce, but it appears the railways and TSA were caught with their pants down on this one.