Why positive train control is vulnerable to a cyber-attack

Software, connectivity will likely contribute to hackers' ability to stop trains
Trains Industry Newsletter
Get a weekly roundup of the industry news you need.
By signing up you may also receive occasional reader surveys and special offers from Trains magazine. View our privacy policy.
Even as railroads continue to roll out positive train control, one question remains front and center: Are the systems vulnerable to a cyber-attack?

“Those are questions that have been raised at the highest level to the lowest levels," says Jim McKenney, technical director at United Kingdom-based NCC Group’s Transportation Assurance Practice. 

"Those are continuously being audited and addressed every single day and will be as long as there are people on trains and they’re going through areas where people live.”

Unlike other critical infrastructure, such as energy or water management systems, rail networks have avoided regulations as lawmakers have focused recent efforts on safety due to high profile crashes, says Jesus Molina, director of business development, for Waterfall Security Solutions.

“There is no question that a PTC rollout without managing the cybersecurity risk will open new attack vectors due to increased connectivity and new software added to the networks and onboard train,” Molina says. “In these cases, PTC may actually decrease the safety of passengers due to an unacceptable increased risk of cyberattacks that may lead to accidents.”

Railroads are installing PTC on nearly 57,848 route miles and on 19,912 locomotives, according to numbers from federal agencies.

“The use of IT-focused security tools, in particular, software tools such as firewalls to protect control critical networks is a huge mistake, and with increasingly connected rail networks, it is becoming a dangerous trend,” Molina says. “The focus of critical control networks is to be reliable and safe, and IT tools meant to protect data and confidentiality are not suitable to defend them.

“The most secure rail sites are not concerned with the steadily increasing sophistication of cyber-attacks, nor with the steadily increasing rate of disclosure of new attack vulnerabilities in control systems, network, firewalls and other security software,” Molina says. “This is because the most secure sites protect their automation systems from cyber-attacks physically, with hardware-based solutions such as unidirectional security gateways.”

Experts seem to agree that cybersecurity concerns around PTC are part of a larger discussion, says Allan Rutter, a former administrator of the Federal Railroad Administration.

“The railroads’ cybersecurity challenge isn’t unique to PTC,” Rutter says. “It has to do more with the expansion of technology and wayside measurement and train control system and vehicle tracking. Their concerns about cybersecurity cover the entire waterfront of everything they do. And PTC is a subsystem, but I think their cybersecurity concerns are broader and wider than that.”

The topic has caught the attention of lawmakers, who broached the subject during a May hearing on state-owned enterprises in public transit and freight rail.

“Any disruption or corruption to these functions or to our transportation network as a whole would have a debilitating effect,” U.S. Rep. Sam Graves, R-Mo., ranking member on the Committee on Transportation and Infrastructure, said in prepared remarks.

“Bad actors” have successfully compromised rail networks in Denmark, the United Kingdom, Germany, Poland, and the United States, Molina says.

“The targets for most of these breaches was to install malware and ransomware for financial gain, but once a system has been breached, more sophisticated targets, including cyber-physical, rather than pure IT, are possible,” Molina says.

“New targets will start appearing once these actors find a reason to go beyond the IT system, and the new payloads after a successful network breach may include modifying signaling systems to cause collisions, or forcing a malfunction in the software at the control center to impair service,” Molina added. “The question is not if payloads threatening safety will appear, but when.”

And, what happens when a bad actor hacks into a railroad’s PTC system?

Retired U.S. Army Brig. Gen. John Adams, president of Guardian Six, said in prepared testimony to the House Committee on Transportation and Infrastructure, that since PTC does not allow for driving a train, hacking the system might merely bring trains to a halt.

“A malicious cyber breach of PTC or underlying existing rail signaling systems could wreak havoc and cause accidents or derailments on the highly interdependent freight railway network,” Adams says.
Leave a Comment
Want to leave a comment?
Only registered members of TrainsMag.com are allowed to leave comments. Registration is FREE and only takes a couple minutes.

Login or Register now.
Please keep your feedback on-topic and respectful. Trains staffers reserve the right to edit or delete any comments.


The Genesee & Wyoming 

Newsletter Sign-Up

By signing up you may also receive occasional reader surveys and special offers from Trains magazine.Please view our privacy policy
Subscribe Up To 58% off the newsstand price!
Subscribe To Trains Mag Today