Train Equipment Technical Security

[STrRedWolf]

I happen to pull an article from the Register today about transportation security in the context of equipment networks -- specifically the computers that are controlling the engines of the vehicles.

Think about this way: It's quite plausible that someone can hijack both the signaling system and the engines to cause a massive crash that levels a good chunk of New York.

https://www.theregister.co.uk/2018/07/0 ... interview/" onclick="window.open(this.href);return false;

"On the flip side, in the US the Association of American Railroads is saying we can't interfere, all we can do is broker discussions. Regulators are saying, well, we have to take a lead from the railroad association. Regulators need to get involved. C'mon, guys: stop the finger pointing. This is a problem that we all have to solve."

[DutchRailnut]

train signal like cab signal /atc or acses and operations systems on trains are not accessible by wifi.
systems at dispatcher end can easily be protected , seems like BS article suggesting otherwise.

[ExCon90]

They may be thinking about the type of PTC being installed in the West, with radio towers -- that might be possible to hack. (?)

[Backshophoss]

While there have been hacks into onboard automotive computers,All Railroad Mainframe systems have robust firewall,antivirus protection setups,
there will be a network sharing data between the various PTC backroom systems to allow Locos from other RR to operate on that RR's PTC.
As Amtrak will be part of this PTC backroom network,this could the "weak" link unless there's "Ironclad" network security

[STrRedWolf]

Um... when was the last audit that proved that out?

Washington Post reported that WMATA is susceptible to hacking: https://www.washingtonpost.com/local/tr ... b7b8105ed6" onclick="window.open(this.href);return false;

Fair use quote:

That audit was presented to Metro’s board of directors in a closed meeting late last month, but the report and takeaways are being kept secret because of the risk of tipping off potential criminals to existing weaknesses at the transit agency.

...

Upcoming audits, however, could reveal more vulnerabilities in the system. According to a schedule presented to the board, Cherrington plans six more security-related audits over the next fiscal year.

Those reviews will examine a range of potential hazards — from a massive data breach of SmarTrip card information to potential attacks that could interfere with critical safety operations such as rail traffic control systems, gas and fire sensors, the power grid, station ventilation, and voice and data communications.