The greatest security risk to rail networks is arguably online rather than onboard. With cyber attacks on railway networks speckling the globe in recent years, awareness of rail cyber security is growing rapidly. As bad actors have successfully compromised rail networks in Denmark, the UK, San Francisco, Germany, Poland, and more, governments and standards bodies have responded by requiring security best practices to protect railways’ geographically dispersed critical infrastructure.
At the same time, railway infrastructure is undergoing government-mandated, large-scale safety upgrades for accident prevention, particularly in the United States, where Positive Train Control (PTC) implementation for Class 1 railways was enacted into law in the Rail Safety Improvement Act of 2008 (RSIA). Scheduled for completion in 2020, the PTC roll-out is occurring at a time when the prevention of accidents – whether caused by a human operator or by cyber attack – is front of mind for operators, lawmakers, and regulators alike.
Class 1 railroads across the US have invested close to $11 billion in the development, installation, and implementation of PTC. The technology is meant to prevent four main types of accidents: train collisions, derailments due to speeding, trains entering maintenance track sites, and trains traveling through improperly aligned switches. PTC technology achieves this through locomotive-borne devices linked to a central dispatching system via wireless communications. If an operator exceeds an authorized speed or movement authority, automation on the locomotive brings the train to a full stop. PTC eliminates many risks of accident and mis-operation due to human error.
Unfortunately, locomotive and signaling system mis-operation is not limited to human error. Rail system operators are increasingly aware of the risk of cyber sabotage. The simplest cyber attacks – common malware and ransomware – can impair operations so thoroughly that rail systems must be shut down for safety reasons while computer systems are restored from backups. More sophisticated and more malicious attacks can have more serious consequences.