America’s railroads are a critical component of our national infrastructure, transporting people, raw materials, and finished goods that make modern life possible. An estimated 12,000 trains operate daily. The Department of Defense has designated 30,000 miles of track and structure as critical to the mobilization and resupply of U.S. military forces. 

System Components 

PNNL has designed, engineered, and fabricated multiple models, known as platforms, that represent different critical infrastructure equipped with industrial control systems and supervisory control and data acquisition systems. 

The freight rail platform consists of cyber-based systems: central traffic control (CTC) and positive train control (PTC). CTC provides the connectivity for centralized dispatchers to monitor track status and set routes for trains across a region to maintain safe and efficient routes. The PTC system is a newer rail automation technology that is required by Congress of all Class I railroads as of 2008. PTC offers locomotive location and speed tracking, automated safety braking when exceeding rail authorities, and wayside track status. 

PNNL’s freight rail platform contains representative industrial control equipment commonly found within a modern U.S, freight rail system, such as the following: 

• Real wayside and communications equipment used by the rail industry 
• An N-scale DCC-controlled model train 
• Two interconnected tracks 
• Virtualized software simulations 

Each of these components is fully functioning, and they can all operate to reflect upset conditions that occur in real-world scenarios. These conditions include exceeding movement authorities (potentially causing derailments), bad routes, and signaling causing trains to operate too closely on the same track.

Impact 

The freight rail platform allows the Cybersecurity and Infrastructure Security Agency to raise industry awareness of various cyberattacks that could affect freight rail operations by conducting red-team/blue-team cyber exercises and training. These exercises allow government and industry analysts to search for artifacts of cyber-attacker tactics and actions within realistic infrastructures to practice applying their tools, processes, and coordination for the purpose of documenting cyberattack timelines and communicating recommended mitigation strategies. Such threat tactics consist of unauthorized access to or attacks on control systems, supply chain compromises, data breaches, and ransomware attacks. These attacks can disrupt control processes; allow unauthorized access to operational plans, security protocols, or personal information; or put freight rail management systems at risk. These consequences can lead to service outages or delays, business disruptions, and compromised or exposed personally identifiable information of customers and employees.