Railroad Forums 

  • ACSES security

  • General discussion about locomotives, rolling stock, and equipment

Moderator: John_Perkowski

 #1452153  by CLamb
 
Has there been any independent study of ACSES security? I'm concerned about the possibility that someone may try to spoof the signalling thereby taking unauthorized control of a train.
 #1452176  by DutchRailnut
 
you worry too much, and discussing this in open forum might only give someone ideas.
 #1452256  by mtuandrew
 
DutchRailnut wrote: you worry too much
That doesn’t fit with
DutchRailnut wrote: and discussing this in open forum might only give someone ideas.
I doubt there’s been an independent study, but Amtrak would know for certain. (Doubtful we have any sources willing to divulge such.)
 #1452264  by F-line to Dudley via Park
 
Since it's paired with the cab signals, there's still ASC governing train stops. And in the few places where ACSES is deployed without cabs (e.g. MBTA northside, for as long as the Pan Am/ex-B&M cab signal ban remains in effect), all existing rules and wayside signals are still in effect to the engineer so it ends up no more safe/unsafe than all current ops today. In any case, if the signal system detects shenanigans with the ACSES layer it's going to default to restricting cab signals or (in non-cabs territory, and AMTK-controlled portions of the NEC where intermediate waysides back things up in triplicate) the wayside indicators will give the train all due advance warning to proceed with extra caution.

The beauty of the system is that you have multiple extremely difficult firewalls to breach to create any havoc. About the only way to create a potential safety situation is to hack the Fort Knox security at the central dispatch OCS itself. But even that's almost impossible to create danger on the running rails because if field vs. dispatch readouts get out-of-sync or direct communication is severed the rulebook already tells everyone there's a fault and to go into immediate restricting.

Other PTC systems that work without cabs, or are primarily GPS and non-wayside based, are a slightly different story on number of firewalls that have to be breached. But the rulebook is still in full effect, so baseline safety in a catastrophic breach is absolutely no worse than today and in 99.9999999% of shenanigans scenarios still better than today.



Bottom line: it's way, way, WAY too much work to pull off with too infinitesimally small odds of success. Worry about Air Traffic Control security like the experts have been warning us for decades is a softer target, not train control. Attackers inherently play the odds, and don't waste their energy on the hardest/most-fortified targets with the deepest-layered failsafes and lowest-of-all odds of success.