vulnerabilitiesLawsRailroad HistoryStrategic PlanHomevisual_graphicsassets

Roles of Cyberinfrastructure in Railway Systems

 

The United Stateís cyber infrastructure plays many significant roles in the railroad critical infrastructure.Any vulnerability in this infrastructure could lead to catastrophic exploitations of the railway system which is used to transport biochemicals, weapons, energies, as well as everyday goods across the country.As a result of the priority of the goods being transported, it is just as important to secure and control the databases, logs, and schedules that track these shipments from cyber intrusions as it is to secure the tunnels, bridges, and train yards from physical threats.If a criminal or terrorist organization were able to get into railroad companiesí databases they could find lists of shipments that include important information such as shipment numbers, train numbers, shipment tracking records, shipment contents, and customer financial data and files.

 

Here is the Norfolk Southern Railroad companyís tracking site, called accessNS.

 

https://www2.nscorp.com/accessNS/default.htm

 

 

In the website, it is possible for Norfolk Southern customers to subscribe to the service in order to track their shipments and view the information regarding the shipment.It is possible that hackers could break into the website and steal tracking information on shipments as well as financial records and information on customers of the railroad company giving them the knowledge of what is being moved and where in addition to who it is being moved for.Additionally, massive databases on internal servers contain more sensitive information on shipments and destinations.It is critical to control access to this information.

 

As a response to 9/11, the Department of Defense sectioned off 38,800 miles of railroad that were deemed critical to national defense.These sections were named the STRACNET, or Strategic Rail Corridor Network.The military uses these railways for movements of troops, weapons, and materials to support the military, making these a critical means of transportation.Securing these assets from cyber intrusions is also key in ensuring the proper transportation of these weapons.

 

http://www.globalsecurity.org/military/facility/stracnet.htm

 

Articles Covering Involvement of Cyberinfrastructure in Railways CI

†††††††††††

ESRI GIS and Mapping Software:

http://www.esri.com/news/arcnews/winter0607articles/exploration.html

††††††††††† Chemical and Engineering News:

http://pubs.acs.org/cen/news/83/i12/8312gov1.html

 

††††††††††† Association of American Railroads:

http://www.aar.org/Rail_Safety/Rail_Security_plan.asp

 

 

†††

Railroad Information Sharing Mechanisms and Institutions

 

††††††††††† Following the terrorist attacks of 9/11/2001 on United Stateís soil, the railroad industry has made an effort to secure its information and physical assets.The 2004 subway attacks in Spain also solidified the intentions of the Association of American Railways (AAR) and the Department of Transportation (USDOT) to secure the railway systems in the United States of America.Securing and controlling these assets is accomplished through many authorities and companies, so as a result information sharing is critical to the successful defense of this critical infrastructure.The AAR has created the Surface Transportation Information Sharing & Analysis Center, ST-ISAC, to help create a center for information sharing regarding railway and transportation critical infrastructures.http://www.surfacetransportationisac.org/

 

††††††††††† One method of getting advanced information on threats and sharing this information is outlined here. http://www.surfacetransportationisac.org/news/CriticalInfra.asp

††††††††††† Companies receive top secret tips from Federal Intelligence agencies on coming security threats and attacks, which gives the ST-ISAC and the companies involved in the railroad industry advanced notice and time to correct possible vulnerabilities.These companies also get open information about threats from other ISACs and consultants.However, the Information Sharing and Analysis Centers are the focal points of strengthening defenses and preventing the integrity of the CI from being compromised.

 

Example of Information Sharing in Railroad Industry:

http://www.surfacetransportationisac.org/news/FreightSec.asp

 

GIS and Geographic Reasoning Methods

 

Geographic Information System, or GIS, data is important in evaluating the railroad infrastructure.The most important figures would be the layouts of the railroad systems, population densities around not only military but also commercial railways, as well as data about what zoning is around the railroads (e.g. whether a zone is residential, or commercial).Additionally, information that is provided about other transportation means, such as roads, highways, and airports, as well as factors that measure in other critical infrastructures are important when using GIS data to map out vulnerable and dangerous areas for sabotage of the rail system.

 

 

 

 

Image from http://ssnds.uwo.ca/sscnetworkupdate/2006winter/gissupport.html

 

 

Geographic reasoning can be applied to make sure there are no massive environmental vulnerabilities, such as bridges, or chemical spills into rivers that are parts of much larger watersheds.Overhead satellite images and topographic maps can greatly help to provide insight into particularly vulnerable areas and geographic chokepoints.When combined with GIS data related to population densities and local industry compositions, it is possible to identify high priority infrastructures that have vulnerabilities that can be addressed.

 

Outside Sources for GIS Data and Geographic Reasoning

Federal Geographic Data Committee

http://www.fgdc.gov/nsdi/nsdi.html

††††††††††† United States Geological Survey (USGS)

††††††††††††††††††††††† http://erg.usgs.gov/isb/pubs/gis_poster/#what

††††††††††† Kevin Day and Dr. Christopher Barkan-possible scenario using GIS data and methodology.

††††††††††††††††††††††† http://mae.ce.uiuc.edu/documents/psi_2002_day_presentation.pdf