Dragos Discusses Possible Vulnerabilities in Positive Train Control (PTC)
Issue
19 October 2021
Editor
Joseph Agres
Editor in Chief
Amery Smock
Date
10/16/2021
-
Analysis
ICS security vendor Dragos released a blog post discussing possible weaknesses in the US government-mandated Positive Train Control (PTC) system. PTC technology is designed to prevent train-to-train collisions or derailments caused by unauthorized train movement onto sections of track where maintenance activities are taking place.
Dragos expressed concerns that wifi and cellular modems used in PTC installations may provide attack paths for various threat actors. Dragos mentioned Meteorcomm as “the single supplier across most PTC installations in the U.S.” and warned that “a vulnerability in the design of Meteorcomm PTC radios would likely impact rail infrastructure across the country.”
While we are unaware of the public disclosure of such vulnerabilities, the specificity of Drago’s comments and the recent TSA announcement of impending regulations for the rail transportation sector [2], may raise concerns. We recommend rail transportation providers check the configuration of these wireless PTC systems. -
Sources
[1] Dragos Positive Train Control Overview https://www.dragos.com/blog/positive-train-control-ptc-expands-cyber-attack-surface-for-rail-systems/
[2] The Record https://therecord.media/tsa-to-issue-new-cyber-regulations-for-rail-aviation-sectors/
Analyst