Why Metro is trying to hack into its own railcars

[InfoSec News <alerts () infosecnews org>]

https://wtop.com/tracking-metro-24-7/2019/03/why-metro-is-trying-to-hack-into-its-own-railcars/

By Max Smith
WTOP.com
March 15, 2019

Metro plans to hack its own new 7000 Series railcars over the next few months 
to figure out whether missing cybersecurity requirements in the contract left 
Metro data exposed or riders at risk.

The "penetration testing" will be completed by the end of August, a response to 
Metro’s Office of Inspector General said. The last of the 748 new railcars are 
due to be delivered within the next year.

"While it is too late to affect the procurement, we will be able to leverage 
this test to identify any severe cybersecurity vulnerabilities in those cars 
and begin the process of remediation," the management response said.

Such "white hat" hacking is a common cyber defense tool, and it's extremely 
important now because Metro had no specific cybersecurity requirements in place 
for contracts beyond some vague references, Inspector General Geoff Cherrington 
said.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_