Railroads are an integral and growing part of the US economy, and it is
critical that the huge network of rail infrastructure is maintained. Railroads
are among the targets for cyberterrorists, and successful attacks can cost
companies millions of dollars.
Railroads can be vulnerable due to the complex systems often relying on out of
date security measures being located in many geographical locations. For
instance, the SIBAS (Siemens Railway Automation System) train protection system
used in Europe uses a WinAC RTX controller, which is exploitable through its
HTTP web server. Additionally, researchers found that CBI (computer based
interlocking) or train signaling system can be vulnerable to social engineering
attacks that can cause major damage to a railroad system. Railroad employees
should be better prepared against social egineering attacks than they currently
are. Some trains are also vulnerable to GSM jamming as they use GSM-R SIM
cards. GSM jammers are commercially available and in some systems can cause a
train to stop due to lost connection. With more advanced technology being used
in railroad systems, these systems are opening themselves up to more
vulnerabilities.
Both public and private entities must contribute in their own ways to warding
off cyber threats to railway infrastructure. Additionally, other key
infrastructures such as power, must also stay secure and resilient as the
railways rely on them as well.
