After several control system cyber-related rail incidents, I did a more detailed assessment to better understand the scope and impact of cyber-related incidents in the rail sector. Most of the rail cyber incidents have been IT cyberattacks resulting in breach of personal information, compromise of credit cards, signage compromise, etc. Existing government and industry cybersecurity guidelines have focused on these IT issues.
The government and industry cybersecurity guidelines have often failed to address the control system cyber issues that have resulted in catastrophic control system cyber rail incidents. As expected, the safety issues were with signaling, switching, positive train control and track integrity, which are not IP network issues. There have been more than 50 control system cyber-related rail incidents internationally that affected reliability and safety. There have been many more catastrophic rail incidents that were not cyber-related, such as manually changing switch positions into unsafe conditions, ignoring track-side signals or exceeding speed limits. Rail cyber-related incidents have occurred in municipal railways, mass transit, long-distance passenger rail and freight, killing more than 490 people. These cases include both unintentional incidents and malicious attacks. There were also several “near misses” where rail personnel were able to stop trains before catastrophic crashes occurred.
Examples of catastrophic control system rail cyber incidents include the Big Bayou Canot rail accident. This was caused by displacement of a span and deformation of the rails when a tow of heavy barges collided with the rail bridge. The collision forced the unsecured end of the bridge span approximately three feet out of alignment and severely kinked the track. Because the rail was not broken, the track circuit controlling the bridge approach block signals remained closed (intact), and the nearest signal continued to display a clear (green) signal. The accident killed 47 people and injured 103 more.
In another example, the National Transportation Safety Board found that the DC Metro track circuit had been suffering from parasitic oscillations, which left it unable to reliably report when that stretch of track was occupied by a train. This meant the train dispatcher was effectively “blind”. The struck train came to a stop because of traffic ahead. Because the entire train was within the faulty circuit, it became invisible to the automatic train control system. The train behind it was therefore commanded to proceed at 55 miles per hour. The operator of the striking train applied the emergency brake after the stopped train came into full view, but there was not enough time to prevent the collision, which killed nine and injured 80.
An example of a malicious rail cyber incident occurred earlier this year when hackers broke into railway frequencies to disrupt rail traffic in northwest Poland. The incident occurred when hackers transmitted a signal that triggered an emergency stoppage of trains. About 20 trains were brought to a standstill.
An example of a catastrophic near miss was a signal sent to the automatic train control system that caused a speed increase signal to 80 miles per hour while the train was coming into the station. The operator took manual action to prevent a catastrophic accident.
As in other industries, rail control system cyber incidents are generally classified as mechanical or electrical failures with no cyber incident response activities. Because there has been minimal information sharing and no training to identify or address control system cyber-related incidents, these incidents continue to recur, the most recent being Oct. 29, 2023. Given the request for additional Amtrak funding, shouldn’t control system cybersecurity be included?