Short answer: Yes.

Heavy transportation equipment has grown increasingly insecure and vulnerable to cyber attacks. This equipment is reliant upon onboard embedded computers that run software and firmware, which can be compromised by motivated adversaries. There are few, if any, existing cyber security monitoring solutions and the transportation industry hasn’t invested or deployed technologies to control software and firmware configurations onboard.

To be clear, we are specifically talking about cyber vulnerabilities in serial bus-based operational technology (OT), which is different from Information Technology (IT). OT on a locomotive consists of various computer systems connected to serial buses that control the vehicle’s mechanical functionality.

Because these systems evolved over time from mechanical, to analog augmented systems, to full digital systems, they were built with no, little, or outdated cyber attack defense capabilities.

They were never designed for a hostile cyber environment.

Risk continues to grow as systems are increasingly digitized, networked, and reliant upon vulnerable onboard computers. As IT cyber security continues to strengthen every year, attackers look for easier targets. OT systems that control physical outcomes are becoming an increasingly attractive target due to their lack of security, monitoring capability, and ability to cause dramatic real-world effects.

What can be done to strengthen rail cybersecurity?

There are multiple factors that come into play for enabling proper cybersecurity for railroads:

  • OEM’s (Original Equipment Manufacturer’s) are exploring development of secure systems, however, they often face hurdles due to the nature of the supply chain they rely on to supply sub components and parts that must be integrated into a complete system.

  • Federal guidance and regulation need to be established to avoid a reactionary marketplace when it comes to rail cybersecurity.

  • There needs to be a shared responsibility between equipment operators and manufacturers regarding the onboard cyber security on locomotives.

  • It is imperative that the industry stays current and educated on the degree of automation and digitization within rail. This will prevent overlooking present day cyber risks to business operations and safety.

How can Shift5 help?

Collectively, Shift5 has spent decades living and breathing heavy vehicle data. Our founders were among the first members of the US Army Cyber Command where they were charged with keeping heavy ground vehicles and military aircraft safe from cyber attacks. Many of these platforms share the same internal components and serial communications networks as today’s passenger and freight locomotives.

Today, we have built a compelling solution that protects new platforms that involve monitoring all onboard data networks, providing cyber security, and delivering value by advanced data capture applications. Furthermore, Shift5 has found that this is no longer just a cyber security problem; industry leaders can increase safety while also providing valuable data insights that save operators money and provide OEM’s insights into current equipment utilization.

Learn more about Shift5 for Rail Solution