Seven years ago, a Metrolink passenger train in Los Angeles crashed because the driver was texting on his cellphone instead of paying attention. 25 people died, and the US Congress passed the Railway Safety Improvement Act, which ordered implementation of a new system to prevent future crashes resulting from human error: connect trains to the global positioning system. By connecting trains to GPS, onboard sensors, and a sophisticated network of local computers, trains could be designed to know where they were at any given time-- and to slow down or stop accordingly.
This system is called positive train control, and according to federal regulators, it could have prevented the Amtrak accident in Philadelphia this week that left eight people dead and 200 injured. No one knows why the driver doubled his speed heading into the curve, but there is no doubt that this acceleration caused the derailment to occur.
"I can confidently say that an operational positive train control would have prevented this accident," says Robert Sumwal, a member of the National Transportation Safety Board who is investigating the Philadelphia accident.
How positive train control works
So why was positive train control never implemented in Philadelphia? The reason is sadly predictable: bureaucratic delays. The railway industry and federal government each blame each other for failing to implement the system. Positive train control was supposed to be in place nationwide by the end of 2015-- a time frame that neither side now believes will happen.
Given the number of recent train accidents over the past few years, it's easy to look for easy answers in unproven technology, but is connected rail safe?
Security specialist Marc Goodman calls the Internet of Things "The Internet of Things to be hacked" owing to its primitive-to-nonexistent security protocols. It's an assertion backed up by the FTC, given its recent findings on the woeful state of IoT security, and Hewlett-Packard, whose study last year found the approximately 70 percent of IoT devices are vulnerable to attack.
What happens when hackers start targeting public transit for their amusement? This is precisely what happened in Lodz, Poland when a fourteen year-old commandeered the city's trams with infrared controllers. Early one January morning, the driver began turning his tram to the right, only to have his vehicle veer sharply to the left. The rear cars skidded off the tracks and crashed into another tram coming form the opposite direction.
Did I mention this happened in 2008?
Such hacking becomes even easier when we connect public transportation systems to the Internet. What if hackers take a page from the Stuxnet worm which invaded computers in Iran's nuclear facilities in 2010, causing centrifuges to spin out of control until they rendered themselves inoperable?
In Iran, operators relied on the accuracy of data displayed on computer monitors-- never realizing that these monitors had been hacked to make it appear that everything was operating smoothly. Such screen-spoofing could fool a train conductor into thinking the station is several miles distant, when it is, in fact, less than a mile away. Or it could make it look like the train was traveling at 50 miles an hour, when it is actually traveling much faster as it heads into a sharp turn.
Welcome to the world of Industrial IoT hacking.
Professor David Stupples recently told the BBC that the UK government's plans to install Internet-connected systems on the European Rail Traffic Management System will render it open to cyber attack-- an assertion glumly acknowledged by Network Rail:
We know that the risk will increase as we continue to roll out digital technology across the network. We work closely with government, the security services, our partners and suppliers in the rail industry and external cybersecurity specialists to understand the threat to our systems and make sure we have the right controls in place.
If that doesn't inspire much confidence, trust your instincts: once the new system is fully installed, automated computer systems will control such critical safety factors like train speed and how long a train should take to slow down. According to Stupples, one of the main vulnerabilities to the system is the threat of being manipulated by rogue employees:
"The weakness is getting malware into the system by employees. Either because they are dissatisfied or being bribed and coerced."
Professor David Stupples
Given the tragic accident in Philadelphia, as well as last year's train crash at Chicago's O'Hare Airport, it is only natural to seek newer, more effective ways to make public transportation safer. But the abysmal state of IoT security should give us a moment of pause before we connect our most trusted systems to the Internet.
Without real security, Internet-connected trains could become weapons of mass destruction.
Top Comments