TSA invites itself into a new area: Open access to control systems

Apparently, TSA is going to recruit an army of computer security experts from pizza boxes and gas pumps, or maybe give them a week of on-the-job training ....

The Examiner (23 Jan 2012): TSA memo reveals railway computer hacked​

IB TImes (24 Jan 2012): Computer Hackers Hijack US Trains - TSA Memo​

Wired/Thread Level (24 Jan 2012): Hackers Breached Railway Network, Disrupted Service​

This is not a transportation problem. This is symptomatic of a much larger issue that industry must address, e.g.

Wired/Threat Level (24 Jan 2012): 10K Reasons to Worry About Critical Infrastructure​

Interesting that Wired/Threat Level posted the two articles about the same time. At least somebody is looking at the larger picture. If they want to solve it, keep TSA out of the way. It won't do much good if the train stays on the track while the chemical plant explodes.

The 10K figure is incredible. I've worked with industrial control systems for years. A common refrain is "nobody would ever allow their control systems to be connected to the internet". Ha!

 

Maybe they can assign smurfs to grope computer technicians.

 

Yeah, if they want a thicknet enema.

 

Yeah. I've lost count of how many bean-counting assclowns have said, "Oh, it'll be OK - we're planning on using a VPN tunnel!" when they're told it's a horribly bad idea.

 

Or a punchdown tool to the cranium.

 

Computer Hackers Hijack US Trains


Quite the headline for a story about a stretch of railway was slowed down and some trains were delayed by 15 minutes.

 

Do you know for a fact that's all they could possibly do?

Let's suppose I hacked into the control system for an oil refinery. On my first trial run, would I move an actuator by 1 or 2%, or would I send an entire control loop into fault state? Either requires the writing of only a single parameter. Make it a little more complicated by doing two things at time -- e.g. changing ramp rates & then moving the actuators to full open or full close (i.e. slam the valves shut) and you can start doing some real physical damage.

What matters is that they were through the door, not how much or how little the hackers did.

 

Sounds like the plot for "Under Siege 3". Steven Segal's not doing anything right now is he?

 

No, my comment was more about the alarmist headline. More sizzle than steak it seemed, but I admit this is not in my field of expertise.

I also saw this about some goofballs in the same area around the same time messing with signals by closing the track circuit with a piece of wire, so that put me in a dismissive mood.

 

Pennies on the track is a one way ticket to Gitmo, ya know.

 

Believe it or not he has (or had) some kind of reality show where he works as an LEO.

And his costar from that movie is still hawt.

 

Meh. If you like inflatables.

 

Seagal has been a reserve deputy there for like 20 something years, and now is an Assistant Chief (I think that is right? Dont quote me). He helps with weapons training and unarmed self defense classes and has that team he rides around with in the SUVs finding stuff to get into.

Eleniak is still a pretty woman, true...

 

I wonder if the TSA has made him an offer to play screener for a while, and use his Patented Elbow-Breaking Aikido Move on elderly passengers who balk at letting the blue-shirted dumbasses bust the seals on their urostomy bags.

 

Can't say I really noticed that; I just like cougars.

Anyway, back OT:

 

If they got in, they were hacked. What matters is the access, not what was done on this particular incursion.