Last December, train service and rail schedules were disrupted, according to a TSA memo, after intruders managed to access the network of a rail company in the Pacific Northwest. Initially, the incident was thought to be a targeted attack, but further investigation shows that wasn’t the case.
Government News portal, Nextgov, broke the story after they obtained a memo from the TSA that reported on an attack detected at the unknown rail company, which disrupted railway signals for two days, and delayed schedules for about 15 minutes. This occurred on Dec. 1, and the following day a second incident was detected, but it caused no additional disruptions.
Investigators at the TSA reportedly identified three IP addresses, which led them to conclude that the attacks were intentional and originated from overseas. They would not however, mention the IP origin.
“Some of the possible causes lead to consideration of an overseas cyberattack,” the memo explained, offering nothing further.
As it turns out, after talking to the Department of Homeland Security – the agency that manages the TSA – the attack wasn’t as deliberate as it first appeared. Nextgov reports that officials there told them the attacks were a random event.
The dispute was also confirmed on the record to Nextgov, by a spokeswoman for the Association of American Railroads. “There was no targeted computer-based attack on a railroad,” said Holly Arthur.
“Railroads closely monitor cyber security as a fully integrated part of both the industry’s overall security plan, as well as individual company plans. Continuous coordination on cyber security occurs across the industry and with the federal government.” The Nextgov report is here.