CCRC is the state-owned and heavily subsidized passenger rail provider from China. It’s winning contracts in major cities across the United States, undercutting competitors on prices.
Meanwhile, the Washington, D.C., Metropolitan Area Transit Authority (WMATA) is currently accepting bids for infrastructure work. The possibility that CCRC could possibly submit a bid is raising some concerns about cyber security risks. The RFP doesn’t specify how WMATA would go about cyber security, for CCRC or any other vendor.
With increasing dependence on smart sensors, sophisticated processing, and complex networks, next generation infrastructure projects promise greater safety, reliability, and efficiency, and also present new and potentially serious cyber security risks.
Throughout the United States, vital infrastructure investments that have been stalled for decades may actually be happening soon. Boston, Chicago, Los Angeles, and Philadelphia have major commuter rail infrastructure projects underway, and New Jersey, New York, and Washington, D.C. aren’t far behind. Grid updates are in the works in Rhode Island, California, New York, and other states. This may be the result of an undercurrent of bipartisan support for ambitious federal infrastructure investment plans and warnings of a loss of nearly 2.5 million jobs and $7 million in lost business by 2025 in the U.S. if action isn’t taken to close a nearly $1.5 trillion investment gap before then.
But those infrastructure investments need to be made with cyber security in mind. Cyber threats from various adversaries trying to penetrate the U.S. electric utility infrastructure and knock out power are well documented. Contracting a foreign entity to build and maintain the next generation of railcars, especially those that service Metro stations at the Pentagon and near the White House and Capitol Hill, could be risky.
What’s the risk?
- A malicious cyber actor could use code to lock down and disable a critical system, and then demand payment as ransom for unlocking it (a common attack known as ransomware).
- A terrorist group might attack infrastructure to cause accidents and spread fear.
- Countries such as China, Iran, North Korea, or Russia might seek to use smart, connected infrastructure as a platform for espionage, or even as the target for destructive cyber attacks against the United States.
Is Your Organization at Risk?
Organizations of every size in every industry must stay in the know about the potential for cyber threats and the tools to squash them. Cyber Security Tools for Today’s Environment offers the training your organization needs now to stay secure. Designed to help businesses improve their security techniques, this 11-course program is designed for technical professionals across all industries who support their company’s IT departments. Upon successful completion of the program, engineers receive valuable CEUs/PDHs from IEEE for use in maintaining engineering licenses. Contact IEEE today to request a quote and learn more about bringing this course to your organization.
Grotto, Andrew. (15 Nov 2018). Cyber Security Derailed? Recommendations For Smarter Investments In Infrastructure. War on the Rocks.