Travel News|January 25, 2012 1:10 pm

Hackers Attack US Rail Computers

According to a government memo, hackers attacked the computers of a Northwest rail company two days in a row in December, disrupting railway signals. Train services on the unnamed railroad were slowed down for a little while on December 1, delaying rail schedules by about 15 minutes. The day after that, a second attack occurred just before rush hour, but it didn’t affect train schedules.

This information was revealed in a summary about the incidents by the Transportation Security Administration (TSA), which is responsible for protecting all US transport systems. The summary was obtained by NextGov, a website that offers news and commentary on government technology and business. According to the memo, Amtrak and freight carriers “needed to have context regarding their information technical centers”. Most rail operators haven’t viewed cyber attacks as a major concern, but it’s very serious that the railways have now been affected by one.

Strides have been made by the government and industries in sharing threat intelligence, but there hasn’t been a big focus on informing the people who operate highways, subways and other transit systems. Retired Federal Aviation Administration (FAA) information security manager and current aviation industry consultant Steve Carver says the recent memo from the TSA was unique, as it told operators how the breach interrupted normal activities. The outreach programme is the beginning of a higher level of understanding about the impact of cyber attacks on the country. The National Security Agency at the Pentagon and the US Computer Emergency Readiness Team have provided a lot of information on the specific threat, but while they don’t say how it affected others, the TSA does.

Several TSA personnel have been praised in the incident summary for explaining how the situation unfolded in context. The TSA acted under the assumption that the attack may pose a greater danger to the US transport system after it was suspected that the attack was intentional rather than a glitch. The information needed to defuse the issue was made available to the train operators affected.

Officials have been led to believe that the cyber attack was carried out from abroad, with two IP addresses discovered from the December 1 breach and another from the second breach. However, it’s unknown what country the attack originated from.

However, Department of Homeland Security (DHS) officials said on Monday that it appears the breach may not have been a targeted attack, following further analysis. Spokesman Peter Boogaard said that a Pacific Northwest transport entity reported on December 1 that a potential cyber attack could affect train services. The DHS, FBI and federal partners stayed in contact with representatives from the entity to support their mitigation activities. They also remained in contact with state and local authorities to send notification alerts to the transportation community about the activity.

 
