Cybersecurity in the Railroad Industry: Beyond Locking Doors, Toward Comprehensive Protection

September 14, 2023

Posted by Larry B. Jordan

Cybersecurity is top of mind in the railroad industry today ahead of new TSA regulations coming out this month. Security, both cyber and physical, has always been a critical aspect of the railroad. This is not a new issue – going back to the 19th century, Wells Fargo encountered significant security issues, with train robberies being the main concern. Today, these issues are more than just physical.

As an IoT provider, the focus on cyber security has been central to the Wi-Tronix business for nearly twenty years since being founded in 2004. The safety of customer data is a critical part of business, and creating standards focused on cybersecurity is helpful, but we must be cautious that the issues we address are outcome-focused and not burdensome. What specifically is the problem we’re trying to solve?

Digital infrastructure is critical to the nation’s economy, but are we pointing fingers in the right places?

If someone tried to break into your home, there would be police officers there to arrest them. From a cyber perspective, Wi-Tronix has someone trying to break in thousands of times a day. Yet rather than arresting the wrongdoers, the government is telling us that we should quadruple lock our doors. Why does the government let the criminals roam free in cyberspace?

To protect against physical security threats during the Old West era, Wells Fargo employed armed guards who traveled on express messengers to safeguard valuable items to ensure the safe passage of these shipments. Despite these efforts, train robberies highlighted the need for ongoing innovation in security strategies to safeguard valuable cargo during rail transport operations.

Innovations in security strategies were essential for Wells Fargo to adapt to the changing landscape of criminal activities. As technology advanced, Wells Fargo incorporated modern tools and equipment to enhance security for better reliability. But they also collaborated with law enforcement to improve security. This partnership facilitated the sharing of information, intelligence, and resources to both prevent and respond to security threats effectively. These measures not only protected the company’s valuable cargo but also contributed to the broader development of security practices in the transportation industry.

If cyber-attacks are something that happens to everyone, why isn’t the government doing something to avoid solely telling people to lock their doors? Just like the police would arrest someone breaking into my house, what’s different from the rail industry? This is no longer the wild-wild West, and even then, collaboration with law enforcement should be a basic protection the government should be providing. The government needs to take the initiative to stop the criminals that are causing cyberattacks. It’s not a sustainable model against cybersecurity threats; the government is not providing a basic, secure infrastructure.

The government has a role in cybersecurity issues, but it’s different from making regulations – we aren’t waiting for a regulation to make sure we’re cybersecure. I’d love to hear your thoughts on this topic.