Railway systems have long been critical. Mass transit systems move hundreds of thousands of people throughout urban areas each work day. Freight systems move an estimated 40 tons of freight for every person in the U.S. every year. Imagine the chaos if they were disrupted.
These systems have always been challenging to secure. Even urban mass transit systems contain hundreds of miles of track, with thousands of control mechanisms along their routes. And interstate or international systems that move freight and natural resources to where they are needed are even more widely distributed.
For centuries, these systems were strictly mechanical, with whatever electronic controls they used strictly proprietary. Railway operators now, though, increasingly use open-source, commercial off-the-shelf (COTS) control systems. That multiplies the challenge of securing systems from those who wish to disrupt lives or the flow of products and services. Railway systems are highly vulnerable to cyber-kinetic attacks.