4 minute read
Last Stop
David C. Lester
“MANY CITIZENS SEEM TO FEEL THAT CYBERATTACKS ARE NOT AS DAMAGING OR DANGEROUS AS PHYSICAL ATTACKS. Cybersecurity and the railroads
Monitoring a growing threat
By David C. Lester, Managing Editor
Imagine waking up one morning and learning from your preferred news source that agents from an adversarial nation-state were fanned out across the country, stealing information and documents from private corporations and government agencies. This horrific news would occupy headlines of every news outlet in the country, and Americans would naturally be stunned and scared.
While we haven’t had headlines such as these, we might as well have. The information and investigative cyberattacks the nation has been dealing with for years, and malware placement in U.S. systems by bad actors, have the same impact as physical invasion or attack. While not as dramatic or receiving the same amount of news coverage, our computer networks’ vulnerability is shocking.
Why, for example, after suffering through cyberattacks for more than a decade, does the U.S. find itself vulnerable to two recent massive cyberattacks allegedly conducted by Russian and Chinese actors? Each day we learn the intrusions’ depths were more significant than we thought, accompanied by statements that officials don’t know how far the attack went and it will likely take years before we can unravel it all. We often hear top officials testifying before Congress and speaking at conferences to share the message that our systems are safe and secure, only to have the rug pulled out from under their remarks by an unforeseen “unprecedented” cyberattack that no one saw coming. Indeed, at this writing, The New York Times just reported that Rep. Mike Gallagher (R-Wis.) recently said, “When not one but two cyberattacks have gone undetected by the federal government in such a short period of time, it’s hard to say we don’t have a problem. The system is blinking red.”
Many citizens seem to feel that cyberattacks are not as damaging or dangerous as physical attacks. The average person can’t see what’s going on and often concludes that doing something nefarious on a computer cannot be all that bad. I recommend that Americans learn more about cyberattacks, and the threat they pose to our country. In my opinion, one of the best sources of information is “The Perfect Weapon—War, Sabotage, and Fear in the Cyber Age” by The New York Times national security correspondent David E. Sanger (Broadway Books, paperback, 387 pages, 2018-2019). This is a riveting and grave account of cyberwarfare that we ignore at our peril. A more recently published book, “This Is How They Tell Me the World Ends” by The New York Times national security journalist Nicole Perlroth (Bloomsbury Publishing, 491 pages, 2020) is an equally powerful report on the dangers of cybersecurity lapses.
What does this have to do with railroads? Plenty. Railroad technology, specifically computer technology, has advanced significantly over the past 20 years. Just about everything a railroad does, including dispatching, routing, customer shipment monitoring, financial transactions, and recordkeeping, are entirely dependent on computer technology. That includes critical infrastructure like Positive Train Control. All this technology connects through networks, with most of them running on Internet connections.
The railroads have robust cybersecurity tools in place, and they take cybersecurity seriously. The industry has formed what it calls the Rail Information Security Committee, which the AAR says “is the focal point of the industry’s unified, cooperative efforts for cybersecurity.” Railroads also have one or two members of their cyber teams with secret security clearance from the U.S. and Canadian governments to participate in classified briefings on cybersecurity issues. Participation in these briefings ensures that the carriers have current intelligence to better protect their railroad’s technology networks.
Detailed, proactive planning and threat mitigation is needed. It’s challenging, though, because these efforts are costly. Unless there is a new, immediate threat, organizations may be hesitant to spend lots of money preparing for something that “may” happen. However, failure to be as proactive as possible in protecting our systems can lead to serious, even catastrophic, problems down the road.
A version of this article recently appeared in Railfan & Railroad magazine and is reprinted here with permission.
Congratulations AREMA 2021 Scholarship Winners
Gary A. Babcoke III
Penn State University Altoona Norfolk Southern Foundation Scholarship
Max Barnes
Leonel Evans
Walter H. Friesel
Olivia N. Hansen
Illinois Institute of Technology William E. and Barbara I. Van Trump Scholarship
Brevel G. J. Holder
Zoe Kyle-Di Pietropaolo
Samantha Lau
Matthew M. Parkes
University of Illinois Urbana-Champaign Union Pacific William E. Wimmer Scholarship
Geordie Roscoe
University of Illinois at Urbana-Champaign New York Central Railroad Memorial Scholarship
Soumya Sharma
North Carolina State University North Carolina Railroad Company Scholarship
Taylor Wyatt
University of South Carolina CSX Scholarship
Jiaxi Zhao
University of Illinois Urbana-Champaign Canadian National Railway Company Scholarship
Material Conveyor and Hopper Car
Plasser‘s Conveyor and Hopper cars MFS40 and MFS60 are designed for a fast and effi cient transport of ballast, spoils or other materials in train formation to and from various work sites. The advantage of the MFS is its versatility in operation. It has the ability to transport, store, load, and unload of materials as a single unit or with other like units, and can also be used in combination with the Plasser Ballast Distribution System BDS100/200, various Ballast Undercutting & Cleaning machines and the ULS-3000 Unloading Station.
