Transportation security

Hackers attack U.S. railways

Published 25 January 2012

Last month hackers took control of passenger rail lines in the Northwest, disrupting signals twice and creating delays.

According to Nextgov, which obtained a summary of a 20 December meeting of Transportation Security Administration (TSA) officials, on 1 December train service on an undisclosed railroad “was slowed for a short while,” resulting in a fifteen-minute delay across the system.

The next day, hackers once again disrupted signals, but their actions did not result in any delays.

Local rail officials immediately alerted DHS, and TSA sprang into action, investigating the incident and providing critical intelligence to train operators to mitigate any potential damage.

Steve Carver, a retired Federal Aviation Administration information security manager and a current aviation security consultant who reviewed the memo, praised TSA’s response, particularly its efforts to provide actionable intelligence to local operators.

“This TSA program is a start to bring, at a higher level, an understanding of the national impact to cyberattacks,” Carver said. In contrast, Carver said the U.S. Computer Emergency Readiness Team and the National Security Agency “have provided great information on the particular threat. They don’t say how it has affected others. TSA tells you how it affected others.”

In the TSA meeting summary, officials confirmed the success of the agency's information-sharing system.

“The processes set in place for government to work with the industry in real-time communications regarding a cyber event aligned superbly,” the memo stated.

Investigators examining the incident believe that foreign hackers may have been responsible for the cyberattacks. They found two IP addresses from the 1 December attacks and a third from the 2 December attack, but did not disclose which country they originated from.

The incident has added urgency to the need for mass transit operators to consider cybersecurity measures.

“Amtrak and the freight rails needed to have context regarding their information technical centers,” the memo stated. “Cyberattacks were not a major concern to most rail operators” and “the conclusion that rail was affected by a cyberattack is very serious.”