Hackers manipulated railway computers, TSA memo says

[InfoSec News <alerts () infosecnews org>]

http://www.nextgov.com/nextgov/ng_20120123_3491.php

By Aliya Sternstein
Nextgov
01/23/2012

Hackers, possibly from abroad, executed an attack on a Northwest rail 
company's computers that disrupted railway signals for two days in 
December, according to a government memo recapping outreach with the 
transportation sector during the emergency.

On Dec. 1, train service on the unnamed railroad "was slowed for a short 
while" and rail schedules were delayed about 15 minutes after the 
interference, stated a Transportation Security Administration summary of 
a Dec. 20 meeting about the episode obtained by Nextgov. The following 
day, shortly before rush hour, a "second event occurred" that did not 
affect schedules, TSA officials added. The agency is responsible for 
protecting all U.S. transportation systems, not just airports.

"Amtrak and the freight rails needed to have context regarding their 
information technical centers," the memo stated. "Cyberattacks were not 
a major concern to most rail operators" at the time, adding, "the 
conclusion that rail was affect [sic] by a cyberattack is very serious."

While government and critical industry sectors have made strides in 
sharing threat intelligence, less attention has been paid to translating 
those analyses into usable information for the people in the trenches, 
who are running the subways, highways and other transit systems, some 
former federal officials say. The recent TSA outreach was unique in that 
officials told operators how the breach interrupted the railway's normal 
activities, said Steve Carver, a retired Federal Aviation Administration 
information security manager, now an aviation industry consultant, who 
reviewed the memo.

[...]


_____________________________________________________
Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
http://www.infosecnews.org/mailman/listinfo/isn