• Events and Webinars
  • Resources
    • Blog
    • Case Studies
    • News
    • Newsletter
    • Infographics
    • Papers
    • Posters
    • Video
  • Careers
    • Careers at HBS
    • Open Positions
    • Student Opportunities
  • About HBS
    • About Us
    • Leadership
    • Locations
    • Partners
    • Green Initiatives
  • Events and Webinars
  • Resources
    • Blog
    • Case Studies
    • News
    • Newsletter
    • Infographics
    • Papers
    • Posters
    • Video
  • Careers
    • Careers at HBS
    • Open Positions
    • Student Opportunities
  • About HBS
    • About Us
    • Leadership
    • Locations
    • Partners
    • Green Initiatives
HBS logo
HBS Logo
  • Infrastructure
    • CLOUD

      • Cloud Solutions
      • Public Cloud
      • Hybrid Cloud
      • Infrastructure as a Service
      • Cloud Security Solutions
      • Backup, Replication and Disaster Recovery
      • HBS Cloud Hosting Services

      DATA CENTER

      • Data Center Solutions
      • Traditional Data Center
      • Hyperconverged
      • Colocation
      • Directory Services
      • Cloud Email and Calendar Solutions

      NETWORK AND ACCESS

      • Network Infrastructure
      • Enterprise Mobility
      • Wireless Solutions
      • SD-WAN
      • Structured Cabling
      • Staff Augmentation
      Data Center Solutions blue gradient background badge with white text
  • Managed Services
    • MANAGED ONE

      • Managed One Overview
      • Managed Backup and Disaster Recovery
      • Managed Email and Collaboration Security
      • Managed Firewall

       

      • Managed HaaS and SaaS
      • Managed IT Help Desk
      • Managed Network and Server Monitoring

      HBS + PARTNER SOLUTIONS

      • HBS Secure with Verkada
      • HBS Collaborate with Webex
      • Managed XDR
      HBS Managed One Megamenu Graphic
  • Modern Workplace
    • MICROSOFT

      • Microsoft Licensing Management
      • Microsoft Modern Workplace
      • Microsoft Copilot
      • Microsoft Fabric
      • Microsoft Funding Opportunities

       

      • Dynamics 365 Business Central
      • Dynamics 365
      • Dynamics GP

      COLLABORATION

      • Audio Visual
      • Unified Communication Solutions
      • HBS Collaborate with Webex
      HBS Collaborate with Webex blue gradient background badge
  • Professional Services
    • ADVISORY

      • Virtual CISO
      • Virtual CIO
      • Project Management
      • IT Business Consulting

      ENGINEERING SERVICES

      • Staff Augmentation

      AI & ANALYTICS

      • Artificial Intelligence
      • AI Advance
      • AI Predict
      • AI Assist
      • Data Management and Analytics
      • Microsoft Copilot
      • Microsoft Fabric

      APPLICATION INNOVATION

      • Website Development
      • Application Development

      DOCUMENT MANAGEMENT

      • Document Management Services
      • Document and Check Scanners
      Discover your AI Readiness blue gradient background with white text. Bottom right photo of young man in glasses smiling while looking at laptop. Red to green temperature gauge png
  • Security
    • CYBERSECURITY

      • Managed XDR
      • Penetration Testing
      • Vulnerability Scanning
      • Email Security Services
      • Digital Forensics and Incident Response
      • Backup, Replication and Disaster Recovery
      • Firewalls
      • Cloud Security Solutions

       

      • Virtual CISO
      • Virtual Security Team
      • Virtual Security Engineer
      • Cybersecurity Risk Assessment
      • Governance and Compliance
      • SOC 2
      • CMMC
      • Managed Security Awareness Training

      PHYSICAL SECURITY

      • Security Solutions
      • HBS Secure with Verkada
      Cybersecurity Risk Assessment Megamenu Graphic
  • Search
Contact Us
Blog

Managing Cybersecurity Risk in America’s Modern Railroads

  • Written by: Dan Eness
  • January 5, 2023
Image of Trains from Above

In 2015, a single rail system suffered 2.7 million hacking attempts in less than two months…in a simulation.

Project Honeytrain, a massive cybersecurity experiment conducted by two prominent security companies, Britain’s Sophos and Koramis of Germany, tried to name risks to industrial transportation infrastructure by creating a fake railroad system online and watching the attacks against it. Although the simulation was conducted 7 years ago, there were a number of findings that stay relevant today:

  • Automated dictionary attacks to crack unknown passwords using common and overused words, phrases and combinations were the most frequent form of attack. Even with today’s increased awareness of the need for password complexity, dictionaries are simple, automatic and readily available out-of-the-box hacking tools that only have to work a single time to be worthwhile for the hacker.
  • “Only” four of the attacks resulted in successful logins, but two of those were from dictionary attacks. Attackers who successfully logged in once then logged in repeatedly.
  • One attacker was able to commandeer the front lights of a simulated train engine.
  • Security settings were discovered and exported. The same attacker who took control of the front lights also tried to log into the track signaling interface.
  • Another attack was on the media server, aimed at altering a public-facing website.

What this experiment uncovered is that a sizable portion of railway hackers don’t just have cybersecurity knowledge, but also have a deep understanding of the complexities and intricacies of the rail industry and operations.

The Scope of Railway Infrastructure Cybersecurity Attacks and the Rise of Ransomware

“An unlooked-for consequence of the railroad, is the increased acquaintance it has given the American people with the boundless resources of their own soil…Railroad iron is a magician's rod, in its power to evoke the sleeping energies of land and water.” – Ralph Waldo Emerson

As deep as our country’s “rail roots” run, America’s relationship with rail is more than poetic romance. In a typical year, continental U.S. freight railroads move around 1.7 billion tons over (just under) 140,000-miles of track and accounts for 40% of all American freight. Passengers travel about 17 billion miles a year on rail. American rail composes a major part of the national economic circulatory system. Spiritually, emotionally and physically, rail built the modern US economy and is a critical component of the transportation industry. In conjunction with the trucking industry, transportation can account for 40-60% of the overall costs of supporting a supply chain.

The interchange between trucking and rail has made new innovations. The new Des Moines Transload Facility provides one of the few places in the country where multiple Class 1 (national) and Class 2 trains can seamlessly, openly and competitively exchange freight with trucking companies or even other rail companies. This increased efficiency is critical to lowering shipping costs and making the entire transportation infrastructure more robust, but it also demands an innovative approach to transportation cybersecurity risk management.

Since Honeytrain, the cybersecurity threat landscape for real rail companies has only grown. Last month, many trains in Denmark ground to a halt for several hours. It was the result of a third party vendor falling victim to ransomware.

Rail is very big business and is therefore also a very big target. Cybersecurity in the rail industry is only one part of supporting a safe supply chain, but it is critical.

The Growing Relationship of Operations and Information Security – Risks and Opportunities

In the old days of rail there was only operational technology. When information technology was first introduced, it was thought of as an add-on to the infrastructure. The CIO was in charge of Information Security, and the COO took care of everything that wasn’t a workstation, server or network, such as locomotives, cranes, signaling and switching, rail cars, and anything that causes that equipment to run. With the growth in IoT technology digitally interconnecting once fully autonomous, individually controlled machines, everything from GPS-connected freight locators to internet-accessible locomotive controls, is now under the purview of information technology. The CIO and COO have a lot of overlapping responsibilities.

Traditionally operational equipment becomes more digital. Telematics and other information is readily available. This is great for operations, but provides more challenges for cybersecurity in transportation. This includes ransomware. Rail is uniquely vulnerable to paying high ransoms, just because of the high value of the freight that could be stalled in transit. The value of planning, detection and response in rail cybersecurity can’t be overstated. Project Honeytrain demonstrates the value of rail companies regularly scheduling red team exercises and penetration testing in anticipation of thwarting future attacks.

Rail Cybersecurity Mitigation Actions and Testing Directive

Rail systems now have more and clearer guidance than ever before when it comes to cybersecurity. In October, the U.S. Transportation Security Administration released the Rail Cybersecurity Mitigation Actions and Testing Directive. With the growing sophistication of attack technology and bad actors and organizations and even governments, and with the growing importance of rail as critical infrastructure in the supply chain, the TSA has directed U.S. rail owners and operators to do the following:

  • Identify critical cyber systems.
  • Develop network segmentation policies and controls to ensure that operational technology systems can continue to run safely if IT systems are compromised.
  • Create control measures to secure and prevent unauthorized access to critical cyber systems.
  • Build continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations.
  • Reduce the risk of exploitation of vulnerable systems by applying security patches and updates for operating systems, applications, drivers and firmware on critical cyber systems in a timely manner using a risk-based methodology.
  • Establish a Transportation Cybersecurity Assessment Program and send the plan annually to the TSA, describing how the rail carrier will proactively and regularly assess the effectiveness of cybersecurity measures and show and resolve vulnerabilities.

Safety and security of the rail network is paramount, and requires having good technology, good information and good people in place with the power to act. If safety and security fails, freight fails.

For transportation cybersecurity planning and execution, contact the experts at HBS today.

Related Content

Risk Matrix Likelihood Impact

Risk Assessment: Likelihood and Impact

Assess risk effectively with the risk assessment likelihood and impact matrix. This decision-making matrix assesses risk based on the likelihood and impact of threats in your organization.

Learn More »
The text "Operational Tech Meeting Security Challenges" on a white and grey textured background.

Unseen Vulnerabilities: The Critical Need for OT Security

Discover why Operational Technology security is crucial for your organization. Learn about common OT vulnerabilities, challenges, and best practices.

Explore More »
Image of Truck

Cybersecurity in the 21st Century Transportation Industry

As technology in the transportation and logistics sectors grow increasingly interconnected, the risk of cyber attacks rise and companies defend themselves.

Read More »
  • Cybersecurity, Operational Technology, Ransomware
Blog

Connect:

[email protected]  |  800.236.7914

HBS logo

HQ | 1700 Stephen Street
Little Chute, WI 54140
Locations

HBS Remote Support | Service & Technical Support | E-Bill Portal
Standard Terms & Conditions | Cookie Policy | Privacy Policy | Onboarding Form | End User Agreements | E-Bill FAQ | Site Map
Any purchase is governed by the HBS Standard Terms and Conditions.
©2026 Heartland Business Systems. All rights reserved.

Halo from HBS
This chat may be recorded as described in our Privacy Policy.