On Tuesday the Federal Railroad Administration published a notice in the Federal Register (76 FR 48941) that they were considering a petition to approve a processor-based automated dispatch system that would allow for the computer controlled dispatch of trains on low-density rail lines. Acceptance of the Railsoft TrackAccess System is being proposed by Marquette Rail, LLC.
I was interested in this notice because of the possible cyber security concerns with a system that could control the movement of hazardous material railcars. I wanted to see if the approval process was going to include a cybersecurity evaluation of the system. Unfortunately, the docket at www.Regulations.gov (Docket Number: FRA-2011-0055) still (as of 04:30 8-11-11) does not yet contain the copy of the petition or any supporting information submitted by Marquette. So I’ll just have to make some generic comments on this type of program.
Depending on the level of automation included in such a program a computer controlled dispatch system could have a significant impact on the safe movement of hazardous material railcars. One only has to look at the South Carolina chlorine release of a couple of years ago to see that a relatively simple mis-switching of trains can have catastrophic consequences. I have no doubt that FRA will evaluate such programs are designed to ensure that accidents of this sort would be prevented on lines covered by the system.
My concern is that FRA might not have the internal expertise to evaluate the protections against a cyber-attack on such a system that would deliberately attempt to force similar types of incidents. More importantly, there is currently no requirement or methodology in place to ensure that such an evaluation takes place before such a system is deployed.
NOTE: A copy of this post will be submitted as a comment on this docket.
No comments:
Post a Comment