American train: cyberattack on a rail network

The Sentryo Files is back for a second season with its analysis of emblematic cyberattacks! This third episode of season 2 takes a look back at a cybersecurity incident that hit CSX Corporation, a company focused on rail-based freight transportation services.

Cyberattack on the US railway network

On August 20, 2003, the Sobig.F mass-mailing virus and the Blaster worm, both circulating widely on the Internet that month, infected the computer network of CSX Corporation. The signaling and dispatching systems that depend on that network were disrupted, and with them rail traffic throughout the eastern United States.

How the attack played out and its impact on rail traffic

The infection caused train signaling systems to slow down and then stop, disrupting traffic in 23 states in the eastern half of the US. CSX neutralized the malware and restored its services the same day, without any accident or material damage.

The simultaneous spread of the Sobig.F and Blaster worms
The Sobig.F virus, the last variant of a family that had been circulating since the beginning of 2003, is a mass mailer: it spread in August 2003 through malicious email attachments and used its own SMTP engine to mail itself to every address it harvested on an infected PC. The Blaster worm needed no user action at all: it exploited a flaw in the Windows RPC/DCOM service (for which Microsoft had published patch MS03-026 a month earlier) to infect unpatched PCs directly over the network, so a single infected machine was enough to contaminate every reachable unpatched host. Infected machines were also programmed to flood the windowsupdate.com site with traffic on August 16, but Microsoft blunted that denial-of-service attack by retiring the hostname before the payload fired.

Lessons learned from this cyberattack on a rail network

CSX could have implemented various measures to prevent or limit the scope of this attack:

  • Building awareness among users of good computer hygiene and of how to handle suspicious emails and attachments (phishing)
  • Keeping antivirus signatures current, and applying available security patches (the flaw Blaster exploited had been patched a month earlier), so that infections are caught before they spread to workstations and across the network
  • Hardening workstation software (mail clients, office applications) so that it cannot serve as a vector for spreading malware
  • Precisely mapping (and keeping up to date) the different networks, and segmenting the office network from the signaling and dispatching systems so that an office infection cannot reach them
  • Monitoring industrial equipment and the traffic around it with a suitable security solution, so that abnormal behaviour such as worm propagation is spotted early
  • In the event of infection, isolating infected servers and workstations as quickly as possible
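Both worms announce themselves by the way they spread, which is what the monitoring and mapping recommendations above are meant to catch. The following script is an added example (not code from Sentryo or from the original article) of a minimal propagation heuristic over flow records: it flags Blaster-style scanning, where one host contacts many distinct peers on TCP/135 (the Windows RPC/DCOM port Blaster exploited) within a short window, and Sobig.F-style mass mailing, where a workstation that should only talk to the corporate mail relay suddenly opens many outbound SMTP connections. The flow line format, the IP addresses, the mail relay and the thresholds are all assumptions made for the demonstration, and the sample log is constructed in the script itself.

```python
"""Worm-propagation heuristic over flow records (added example).

Assumed input format, one flow per line:
    "<epoch_seconds> <src_ip> -> <dst_ip>:<dst_port> <proto>"
Thresholds, hosts and the sample log below are constructed for the demo.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int      # seconds since the epoch
    src: str     # source IP
    dst: str     # destination IP
    dport: int   # destination port
    proto: str   # "tcp" / "udp"


def parse_flow(line: str) -> Flow:
    """Parse one flow line in the assumed format."""
    ts, src, _arrow, dst_port, proto = line.split()
    dst, dport = dst_port.rsplit(":", 1)
    return Flow(int(ts), src, dst, int(dport), proto.lower())


def detect_scanners(flows, port=135, window=60, min_peers=20):
    """Return {src: peak_distinct_peers} for hosts that contacted at least
    `min_peers` distinct destinations on TCP/`port` inside any `window`
    seconds. Blaster probed TCP/135 this way to find unpatched hosts."""
    per_src = defaultdict(list)
    for f in flows:
        if f.proto == "tcp" and f.dport == port:
            per_src[f.src].append(f)

    hits = {}
    for src, fl in per_src.items():
        fl.sort(key=lambda f: f.ts)
        peers = defaultdict(int)   # dst -> flows inside the current window
        start = 0
        best = 0
        for f in fl:
            peers[f.dst] += 1
            # Slide the window start forward until it fits in `window` seconds.
            while f.ts - fl[start].ts > window:
                old = fl[start].dst
                peers[old] -= 1
                if peers[old] == 0:
                    del peers[old]
                start += 1
            best = max(best, len(peers))
        if best >= min_peers:
            hits[src] = best
    return hits


def detect_mass_mailers(flows, mail_relays, min_smtp=15):
    """Return {src: count} for hosts opening at least `min_smtp` outbound
    TCP/25 connections to anything other than the sanctioned relays.
    Workstations normally hand mail to the relay; Sobig.F delivers directly."""
    counts = defaultdict(int)
    for f in flows:
        if f.proto == "tcp" and f.dport == 25 and f.dst not in mail_relays:
            counts[f.src] += 1
    return {src: c for src, c in counts.items() if c >= min_smtp}


# Constructed sample: one scanner, one mass mailer and one well-behaved host.
MAIL_RELAYS = {"10.1.0.25"}          # assumed corporate SMTP relay
T0 = 1061380800                      # 2003-08-20 12:00:00 UTC


def build_sample_log():
    lines = []
    # 10.1.2.50 sweeps 40 neighbours on TCP/135 within 40 seconds (Blaster-like).
    for i in range(1, 41):
        lines.append(f"{T0 + i} 10.1.2.50 -> 10.1.3.{i}:135 tcp")
    # 10.1.2.10 talks RPC to one file server and hands mail to the relay.
    for i in range(3):
        lines.append(f"{T0 + 10 * i} 10.1.2.10 -> 10.1.0.5:135 tcp")
    for i in range(5):
        lines.append(f"{T0 + 60 * i} 10.1.2.10 -> 10.1.0.25:25 tcp")
    # 10.1.2.77 opens SMTP sessions to 20 external hosts (Sobig.F-like).
    for i in range(1, 21):
        lines.append(f"{T0 + 2 * i} 10.1.2.77 -> 198.51.100.{i}:25 tcp")
    return lines


def analyze(lines, mail_relays=MAIL_RELAYS):
    flows = [parse_flow(l) for l in lines]
    return {
        "scanners": detect_scanners(flows),
        "mass_mailers": detect_mass_mailers(flows, mail_relays),
    }


if __name__ == "__main__":
    for kind, hosts in analyze(build_sample_log()).items():
        for host, n in hosts.items():
            print(f"{kind}: {host} ({n})")
```

The two detectors deliberately key on behaviour rather than on a signature: a host fanning out to dozens of peers on one port, or a workstation bypassing the mail relay, looks the same whether the worm is Blaster, Sobig.F or something newer, which is why an inventory of which hosts are supposed to speak to which (the network map recommended above) is what makes the thresholds meaningful.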

This attack was of average complexity and was not targeted: the worms spread indiscriminately across the Internet, and CSX was hit because its systems were exposed to them, not because anyone set out to attack a railway. The incident had such a wide impact mainly because users had not been trained to recognise malicious email and because systems were unpatched and obsolete. Although there were no serious material or human consequences, the incident CSX Corporation endured could have had a serious impact on company equipment and even on the lives of passengers and crews travelling on its network.

Although managers of transportation infrastructure are now more aware of the risks, attacks on rail networks are becoming more frequent. Given the extent of automation in railway transportation, securing the industrial networks that control this infrastructure is today a strategic challenge for rail companies such as the French SNCF, and it requires particular attention because the risks are potentially serious.