• Congressional Restrictions on CRRC Transit Cars?

  • General discussion of passenger rail proposals and systems not otherwise covered in the specific forums in this category, including high speed rail.
General discussion of passenger rail proposals and systems not otherwise covered in the specific forums in this category, including high speed rail.

Moderators: mtuandrew, gprimr1

  by Gilbert B Norman
 
Gray Lady has an in-depth article appearig today regarding the controversy of a state owned Chinese company assembling transit cars on American soil.

By the way, gottaluv that term "Spy Trains" used within the article:

https://www.nytimes.com/2019/09/14/busi ... urity.html

Fair Use:
.CHICAGO — America’s next fight with China is unfolding at a glistening new factory in Chicago, which stands empty except for the shells of two subway cars and space for future business that is unlikely to come.

A Chinese state-owned company called CRRC Corporation, the world’s largest train maker, completed the $100 million facility this year in the hopes of winning contracts to build subway cars and other passenger trains for American cities like Chicago and Washington.

But growing fears about China’s economic ambitions and its potential to track and spy on Americans are about to quash those plans. Congress is soon expected to approve legislation that would effectively bar the company from competing for new contracts in the United States, citing national security and economic concerns. The White House has expressed its support for the effort..
Ask me, much ado about nothing, or maybe more ado about a relatively minor issue.
  by lensovet
 
I presume you've heard of Stuxnet, Wannacry, and others. These are not tin-foil-hat speculations; this is real stuff happening in this day and age. To pretend it's not real…
  by Backshophoss
 
Remember,the US Freight car builders started this,fearing that CRRC wanted to expand into freight car building.
There have been some very public hacks into Major US corporations,Equafax was one of those hacks,so was TJMax retailer database
for Credit Card info,My Bank reissued all the Debt/Credit Cards after that hack!
Target was another hack attack victim.
  by mmi16
 
lensovet wrote: Thu Sep 19, 2019 8:03 pm I presume you've heard of Stuxnet, Wannacry, and others. These are not tin-foil-hat speculations; this is real stuff happening in this day and age. To pretend it's not real…
To pretend it is not real is truly Presidential these days.
  by mtuandrew
 
Moderator Note: humor me and post only about politics directly related to this restriction, folks.

EDIT: this means:
-specifics of the trade policies & tariffs as they relate to CRRC
-bills, executive actions, and cabinet-level regulations related to such policies and tariffs
-Discussion of infrastructure-disrupting and spycraft electronics is ok, but again, keep it germane to CRRC cars.

Try to avoid ad hominem attacks against American, Chinese, or third-party leaders, excepting as a repost of an article from elsewhere. I don’t want this to look like Facebook or a newspaper comments section.

First and last warning, now clarified for you. PM if you have questions.
  by STrRedWolf
 
So if there's fears about it, what can be done about CRRC cars already built? Well, I have an idea:

Did the contract say that CRRC is to send over the electrical diagrams? If the answer is No then you reject the entire car set as suspect.

If the answer is Yes then you take a good ol' multimeter rated for house power, and start verifying the diagram and measure voltage drops and power usage.

Why? Because if there's something not in the diagrams sucking juice while it's powered up, it's going to show! Plus you got the specs on the power usage on each component -- if you don't and you can't find it, then you don't have all the electrical diagrams and the entire car is suspect.

You verify each and every car. You don't sample. You're paranoid for good reason. And if you find something there that isn't supposed to be there, then CRRC has a contact violation on their hands.
  by justalurker66
 
STrRedWolf wrote: Sat Sep 21, 2019 12:45 pmDid the contract say that CRRC is to send over the electrical diagrams? If the answer is No then you reject the entire car set as suspect.
So a supplier performs their contract but you reject their product due to your own insecurities?
Does the contract have an "out" clause for not feeling good? It seems that you're suggesting the purchaser breach the contract, based only on "bad vibes".

What would you do it the contracted design includes a "report to the manufacturer" feature? Demand that the feature be removed even though it was agreed to as part of the design specs? Force CRRC to re-engineer their vehicles because you changed your mind later as to what was desired? It would be as bad as rejecting the cars because they have pink interiors instead of blue when pink was clearly stated on the design specifications.
  by mtuandrew
 
I agree with STrRedWolf about the basic principle of “if there’s an extra part using power when you don’t expect it, or if a part isn’t functioning within expected tolerances*, reject the car” and “you should demand the electrical diagrams” (which makes sense anyway, the end user needs to be able to service the equipment.) However, how is one able to track down a recorder using microamps, or a piece of code that functions as a normal part of the car’s computer control - until it becomes an exploit - when the end user often struggles to provide traction voltage at 750 VDC +/- 50 volts?

At a certain point, the end user has to expect that there will be parts that don’t function as expected. For CRRC, that might mean that American end users have to specify a non-Chinese control system, which still might not help since most integrated circuit boards are made in China. Back to the drawing board I guess, and to having qualified electricians and computer techs review each car as delivered.

* remember that the WMATA 5000 series had fraudulent labels on power distribution equipment, leading to it being used beyond the equipment’s ratings, leading to fires and catastrophic failure, leading to conflict between WMATA and CAF and the early retirement of the entire series. It’s still unknown how long the faulty equipment was in service, but the 5000s were widely known as the second-most unreliable series on WMATA after the 4000s. https://www.wtop.com/tracking-metro-24- ... aintenance
  by Triaxle
 
"by Greg Moore » Mon Aug 26, 2019 2:00 pm"

I wish there was a 'like' button. Having worked in telecom, I can state that there are many things, some obvious and some not, that an adversary or potential adversary can implant in such systems. It need not do anything dramatic; how about simply having trains go into a fault mode which requires them to limp at 10 kph to the yard, where an intermittent, time-eating, rabbit chasing problem appears? A train doing that in Boston disrupts an entire line, as they have no express tracks and few mid-line pull-out yards. It doesn't take much creativity to invent a dozen sleeping adverse capabilities one can implant in a device as complex as a modern subway car.

Consider the time that the US ambassador to the USSR, Averell Harriman, accepted a gift from the USSR, a perfectly carved wooden replica of the Great Seal of the USA. After receiving it as a 'gesture of friendship', the clueless rich twit hung it on a wall in his Ambassador's residence (in Russia), in an office where he discussed confidential business. Our ally from WWII wouldn't dare spy on us, would they? How could a piece of wood be a spy device? Thus was it placed exactly where the Soviets wanted.

It was, of course, a listening device, only not of the type rich twits understand. It used an early version of an RFID transmitter, so it required no batter and transmitted no signal until activated. The device was eventually discovered. By accident. In business between adversarial nations, anything you don't understand is almost certainly not working in your favor, and anything from an adversary which is integrated into your daily life is probably doing something you don't understand.

http://mentalfloss.com/article/584493/s ... even-years