Dragos Discusses Possible Vulnerabilities in Positive Train Control (PTC)

  • Issue

    19 October 2021

  • Editor

    Joseph Agres

  • Editor in Chief

    Amery Smock

  • Date

    10/16/2021

  • Analysis

    ICS security vendor Dragos released a blog post discussing possible weaknesses in the US government-mandated Positive Train Control (PTC) system. PTC technology is designed to prevent train-to-train collisions or derailments caused by unauthorized train movement onto sections of track where maintenance activities are taking place.
    Dragos expressed concerns that wifi and cellular modems used in PTC installations may provide attack paths for various threat actors. Dragos mentioned Meteorcomm as “the single supplier across most PTC installations in the U.S.” and warned that “a vulnerability in the design of Meteorcomm PTC radios would likely impact rail infrastructure across the country.”
    While we are unaware of the public disclosure of such vulnerabilities, the specificity of Drago’s comments and the recent TSA announcement of impending regulations for the rail transportation sector [2], may raise concerns. We recommend rail transportation providers check the configuration of these wireless PTC systems.

  • Sources

    [1] Dragos Positive Train Control Overview https://www.dragos.com/blog/positive-train-control-ptc-expands-cyber-attack-surface-for-rail-systems/
    [2] The Record https://therecord.media/tsa-to-issue-new-cyber-regulations-for-rail-aviation-sectors/

  • Analyst

    Ryan Bringhurst

Previous Page | Back to Home

Subscribe

Note: The email address you provide will be stored and used for the sole purpose of sending the Industrial Cybersecurity Current Intelligence Digest. It will not otherwise be shared, sold, or intentionally disclosed. You may unsubscribe at any time by following the unsubscribe link included in each email.