A government memo saying a railway was hacked in a targeted attack was incorrect, according to a spokeswoman for the Association of American Railroads.
“There was no targeted computer-based attack on a railroad,” according to spokeswoman Holly Arthur. “The memo on which the story was based has numerous inaccuracies.”
Asked if there was an “untargeted” incident that disrupted train service nonetheless, Arthur declined to comment, leaving the public in the dark about what exactly was right and wrong in the memo.
A DHS spokesman had previously told Threat Level on Tuesday that the incident wasn’t a “targeted” attack, but refused to provide additional details to explain the exact nature of the incident that affected the railway service.
Sources, who asked not to be identified, have told Threat Level that the person who wrote the memo misunderstood what was said about the incident in a meeting and wrote that it was a targeted attack focused on the railway, when in fact it was not targeted at the railroad.
Though no one is willing to provide details about what exactly happened, it appears that a cyber incident did occur, but it may have been aimed at another entity, not the railway. Somehow the railway suffered collateral effects from that attack. No one has been willing to say how exactly that occurred.
The incident went public earlier this week when NextGov reported that it had obtained a government memo written by an unidentified person, which described a breach that had occurred at an unidentified railway in the Pacific Northwest in December.
According to the memo, train service on the railroad “was slowed for a short while” on Dec. 1, and rail schedules were delayed about 15 minutes after the interference. The next day, shortly before rush hour, a “second event occurred,” but this one did not affect schedules.
An investigation determined that hackers — possibly from overseas — had penetrated the system from three IP addresses, according to the memo, which did not name the country from which the hack occurred.
The AAR spokeswoman said her organization was concerned that the NextGov story “leaves readers with the impression that railroads are not taking effective steps to actively secure our networks from cyber attacks.”
“In addition to security measures, railroads like other high tech industries have multiple backup capabilities and ultimately manual operation procedures to address virtually any type of disruption,” she wrote in an e-mail, without elaborating on what those backup capabilities were or whether they were at play in the December incident.