Norfolk Southern believes a software defect — not a hacker — was the cause of the widespread computer outage that forced the railroad to park all of its trains for most of a day earlier this week.
The railroad said Friday that it traced Monday’s problem to a defect in the software one of its vendors was using to perform maintenance on its data storage systems.
Both the railroad’s primary and backup systems became unresponsive at the same time. The update was made to one system and then automatically copied to the other system allowing the defect to spread. Norfolk Southern didn’t identify the vendor except to call it “a leading global technology provider.”
The railroad, based in Atlanta, reiterated that it has found no evidence that the outage was caused by “an unauthorized cybersecurity incident.”
Norfolk Southern said it has been making progress in clearing up the backlog of trains that accumulated while its network of nearly 20,000 miles of track in the Eastern U.S. was shut down. The railroad has been working to keep its customers updated on their shipments, but it has said the effects of the outage could linger for a couple weeks.
Regulators have been scrutinizing Norfolk Southern’s operations ever since a fiery February train derailment in Ohio forced thousands of people to evacuate their homes because of concerns about the toxic chemicals the train was carrying. The cleanup from that derailment is ongoing.
A package of railroad safety reforms members of Congress proposed after the Ohio derailment has stalled in the Senate and has yet to get a hearing in the Republican-controlled House.
Related: Two Men Arrested Following Poland Railway Hacking
Related: New TSA Directive Aims to Further Enhance Railway Cybersecurity
Related: Belarus Hacktivists Target Railway in Anti-Russia Effort
Related: TETRA Radio Standard Vulnerabilities Can Expose Military Comms, Industrial Systems
More from Associated Press
- National Security Agency is Starting an Artificial Intelligence Security Center
- A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says
- Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
- UK’s New Online Safety Law Adds to Crackdown on Big Tech Companies
- MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks
- California Law Restricting Companies’ Use of Information From Kids Online Is Halted by Federal Judge
- Two Vegas Casinos Fell Victim to Cyberattacks, Shattering the Image of Impenetrable Casino Security
- TikTok Is Hit With $368 Million Fine Under Europe’s Strict Data Privacy Rules
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
