Mitigating Risk on America's Rails: Researchers Test Solutions for Safer Trains

America's trains move approximately forty-five percent of American commerce – everything from coal, to corn, to chemicals – and when a freight train derails, the consequences can spell disaster.

To make the railroads safer, Congress passed legislation that requires new train safety standards to be implemented by 2015. The U.S. Rail and Safety Improvement Act mandates safety improvement by instituting a system called Positive Train Control, or PTC. This system monitors a train's movements, speed, location, rail conditions, and other variables through a wireless system and wayside equipment, and constantly transmits vital data to the train, thus reducing human errors.

There is, however, a trade-off with this technology. "One of the most pressing problems with trains today is security," said Duminda Wijesekera, professor in the Volgenau School's Computer Science Department. "Traditionally the nation used a signaling system that relied on rail workers being able to physically see the trains and the signal beacons."

Implementing PTC brings the infrastructure challenge of building a wireless system across the nation's rail lines. It also raises legitimate concerns that the wireless messages, broadcast openly on a signal frequency band, could be intercepted. For example, trains carrying hazardous chemicals that also pass through urban areas could be tampered with and cause serious danger to people who live in those areas.

Wijesekera's work is funded in part by the Department of Transportation, and he has also had projects with Siemens. He and his team of graduate students have identified potential security faults and are now testing solutions. One of those students, André Abadie, successfully defended his Ph.D. dissertation, "A Composite Risk Model for Railroad Operations Utilizing Positive Train Control," in spring 2014 and will be awarded his Ph.D. in May.

Abadie, an active-duty military officer stationed at Fort Meade, Md., proposed a novel approach for composite risk management of rail operations. The model incorporates operational risk computed by the rail industry and cyber security risk introduced by PTC. Combining these two risk assessment models enhances both. The operational risk model factors potential PTC failure into its risk assessment and gains awareness of possible requirements for operator interventions. The system risk model uses operational risk as its severity metric, leading to possible requirements for automated risk mitigation by dynamic configuration change to the PTC radio.

"In the end, we think a flexible communication system can position railroads for the uncertainty surrounding their future operational environment – whether that is a result of regulatory constraints or fiduciary restraint," said Abadie. "Either limitation is best countered by a communication system that can do more, not more communication systems."