Cybersecurity on freight railroads – a regulatory matter?

Total carloads still down but intermodal has a stronger week.

David C. Lester

Concern over computer hacking of critical infrastructure, and even of our political elections, permeates the entire U.S.  The more we come to rely on digital and automated processes, the more dependent we are on cybersecurity procedures and technology to protect them.  Most agree our reliance on digital systems has outpaced our ability to protect them.

Digital platforms have become the bedrock on which most railroad operations rest, and the industry is working to figure out how to protect these platforms from digital invaders.  Without such protection, hackers could wreak havoc on the operation of freight railroads.

FreightWaves is reporting that work to protect digital systems on the railroad is driven in part by federal regulations.

Amir Levintal, CEO of Cylus, a company in Israel that provides cybersecurity remedies for railroads, and has clients in North America, Europe, and Asia, said “The awareness [among freight and passenger railroads] is very high. There are many reasons, but one is that regulation in each country has started to focus on cybersecurity for critical infrastructure, and particularly for rail. The reason for rail is because the impact of that trains have on the economy.”

One example of federal regulation in the U.S. oversight of positive train control (PTC) systems.  The security of PTC systems is mandated by the Federal Railroad Administration (FRA), but the railroads must decide for themselves how to best protect their systems.

Levintal identified some risks to freight rail operations that are posed by hackers:

One is what Levintal describes as the “safety-critical network,” which he describes as the locomotive, rolling stock, and the signaling system.  Hackers could possibly send a message for a train to stop, which, needless to say, would reverberate not only through the rail system, but the entire supply chain, as well.

Levintal said “If someone is sending a message to the safety-critical network and doing something that is not safe or not standard, the train will stop. It’s very easy to stop a freight train and then impact the profitability of a company.”

As mentioned earlier, technology implementation is considerably ahead of our ability to protect it.  For example, much of the technology used in PTC systems has been around for several years, and new threats to the security of this technology arise frequently.

Levintal adds, “Usually attackers are trying to find the weakest link in the train, and interoperability or integration between two technologies usually leaves a weak link that might have vulnerabilities.”

Most would agree that as technology continues to evolve, efforts to protect it from hackers will evolve, too.  And, hopefully, we will reach a point where digital systems are well protected from hacking.  Meanwhile, though, the industry must be vigilant and work with partners to protect the systems during this period of “catch up.”

Source:  FreightWaves

For the latest news, go to rtands.com.