Train Track Cyberattacks? 3 Crashes In 49 Days Raise Security Concerns

A train traveling from New York to Miami struck a freight train Sunday morning, leaving two people dead and 116 others injured, authorities said.

The crash occurred in Cayce, South Carolina around 2:45 a.m. Sunday, Lexington County spokesperson Harrison Cahill said.

This marks the third deadly AMTRACK train collision in 49 days, including a train carrying dozens of Republican members of Congress on the way to a retreat in West Virginia last week.

Norfolk Southern Railway, which operates the AMTRACK railroad in the area, launched a specialized safety initiative in 2015 called Operation Awareness & Response (OAR) to “to educate the public about the economic importance of the safe movement of hazardous materials by rail and to connect emergency first responders.”

And in 2016 they put a dedicated safety train with “2 specially equipped flat cars to provide hands-on training,” which later earned them the WorldSafe Award from the Safe America Foundation for superior “health and safety” initiatives.

“South Carolina Gov. Henry McMaster said the CSX freight train was on a loading side track ‘where it was supposed to be’ before the collision and the Amtrak train was ‘on the wrong side.’ He did not elaborate,” reported CBS News Sunday.

Miscommunication is a possible cause of the collision, but given the exhaustive steps Norfolk Southern takes to ensure safety, including a specialized police force, it is unlikely a collision of two trains on the same track happened by accident.

As a 2016 Popular Science article pointed out, even sophisticated track systems are “vulnerable to hacking,” and warned bad actors could exploit those vulnerabilities to access the train control systems.

“The flaws were exposed by German whitehat security researchers SCADA Strangelove, who have previously looked at security flaws in green energy systems and smartgrids,” Popular Science reported.

“One problem is that some switches require constant access to the internet, and if that signal is lost the trains stop automatically. More embarrassing, for one of the train systems they looked at there were still default passwords associated with admin accounts, leaving access to the system wide open.”

“…While trains can’t be commandeered and stolen like other vehicles, there is still plenty that can go wrong if a malicious attacker takes control, with delays at a minimum and train-on-train collision as the scarier risk.”

It’s worth noting that drivers who regularly cross the railroad intersection in Virginia where the GOP train collision took place recalled the crossing arms were malfunctioning the day before the incident.

“Drivers who regularly use a rural Virginia railroad crossing where a train carrying GOP lawmakers slammed into a truck and killed a passenger said the crossing arms appeared to be malfunctioning the day before the crash,” reported the New York Post.

“Jane Rogers, who crosses the intersection almost every day, said she got stuck there Tuesday because the arms were lowered even though no train was coming.”