Wednesday, May 13, 2015

Amtrak accident in Philadelphia leaves disturbing questions about infrastructure, Internet security even if cause is finally found to be simple human error

The Amtrak accident in Philadelphia has the potential to have frightening implications for both our personal mobility and for the Internet, based on what future investigations find.  
I was in the Port Richmond area of Philadelphia myself (by car) on January 19, 2015, as I have mentioned a few times on these blogs (Fishtown, a subject of a book by Charles Murray, is nearby.) 
At first, I did wonder if there had been the possibility of explosion in the first passenger car, which would indicate terrorism, comporting with recent international and religious politics, if true.  But the best information now says that the train was going 106 mph in a 50 mph zone.  I have ridden this train (both Northeast regional and Acela) many times and remember the curve.  I think that the Philadelphia Zoo is nearby, as is a major electrical substation.  The train always slows down on this curve.  Or, having left 30th Street Station, it usually travels slowly until past this curve.  Many trains also used to do a stop in North Philadelphia, which I used sometimes when living in New Jersey in the early 1970s (and which my father often used on business trips).  

So I was rather shocked at reports of the train’s speed, which I did notice early today watching this surveillance video (CNN link).  One possibility that occurs, to me at least, is the possibility of hacking or tampering with the train’s computer systems, conceivably from the Internet, if indeed the control systems were accessible on Internet topology.  Homeland security reporters have speculated on cyberwar and on attacks on power plants or airlines this way by hackers, and my reaction has always been, there simply should not exist any topological path between my computer and an Amtrak train, an airliner, or a power plant.  The mathematical concept (in graph theory) is called connectedness, and is easily proved or disproved. I studied plenty of theorems about this in graduate school in the 1960s (at KU).  If connection existed, maybe I could reach a USAF missile silo in North Dakota, NORAD, or the Pentagon (as in the prescient 1983 movie “War Games”).  This should not be possible at all.  
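The "connectedness" check described above can be made concrete: model network zones as nodes and permitted connectivity (links, firewall allow rules) as edges, then ask whether any path exists from an untrusted zone to a safety-critical one. The following is an added example, not code from the original post; the topology and zone names are constructed and hypothetical. It shows an isolated ("air-gapped") control network as a separate connected component, and how a single misconfigured link, such as a dual-homed workstation, collapses that isolation into one component with a concrete path that an auditor can print and fix.

```python
from collections import deque
from copy import deepcopy

# Constructed example topology (hypothetical names). Keys are network zones or
# hosts; values are the zones they are permitted to talk to (undirected here).
TOPOLOGY = {
    "internet": {"corporate_dmz"},
    "corporate_dmz": {"internet", "corporate_lan"},
    "corporate_lan": {"corporate_dmz", "ops_workstation"},
    "ops_workstation": {"corporate_lan"},
    # The control network is its own component: no edge reaches it from above.
    "train_control_net": {"locomotive_controller", "wayside_signal"},
    "locomotive_controller": {"train_control_net"},
    "wayside_signal": {"train_control_net"},
}


def find_path(graph, start, goal):
    """Shortest path from start to goal (BFS), or None if they are disconnected."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:          # walk parent pointers back to start
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in graph.get(node, ()):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def connected_components(graph):
    """Number of connected components; an isolated control net adds one."""
    seen, count = set(), 0
    for start in graph:
        if start in seen:
            continue
        count += 1
        queue = deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            for nxt in graph.get(node, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return count


def with_link(graph, a, b):
    """Return a copy of graph with an undirected edge a<->b added (a misconfiguration)."""
    g = deepcopy(graph)
    g.setdefault(a, set()).add(b)
    g.setdefault(b, set()).add(a)
    return g


def audit(graph, untrusted, protected):
    """Return {protected_node: path} for every protected node reachable from untrusted."""
    findings = {}
    for node in protected:
        path = find_path(graph, untrusted, node)
        if path is not None:
            findings[node] = path
    return findings


PROTECTED = ["locomotive_controller", "wayside_signal"]

if __name__ == "__main__":
    print("components (isolated):", connected_components(TOPOLOGY))
    print("findings (isolated):", audit(TOPOLOGY, "internet", PROTECTED))
    # Someone plugs the ops workstation into the control network as well.
    bridged = with_link(TOPOLOGY, "ops_workstation", "train_control_net")
    print("components (bridged):", connected_components(bridged))
    for node, path in audit(bridged, "internet", PROTECTED).items():
        print("REACHABLE:", node, "via", " -> ".join(path))
```

Run with a real inventory by replacing TOPOLOGY with an adjacency list generated from firewall rules and switch configurations; an empty `audit` result is the "disproof" of connectedness the post asks for, and any non-empty result names the exact hop to remove.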
We know, though, that Sony was compromised, although probably from an inside source.  And the enemy was secular (North Korea), not Islam.  That can be true now.  Russia and China (as Donald Trump warns) are not our friends now.  
It’s also true that the IT shops in many organizations do have loopholes.  I found plenty of these in the elevation processes at work when I was in mainframe IT (a very good employee in data control found a tremendous loophole in 1991), and there were indeed three or four incidents of deliberate compromise by others during my career (resulting in firings and at least two arrests).  DBMS’s can have “wormholes” when accessed in unusual ways (as with mainframe IDMS when accessed in batch through a “central version” – I think I’ve talked about this before on my IT blog).  While we have no specific information on Amtrak’s shop, I know that in general these sorts of problems often exist.  Metro was found to have serious IT problems after the tunnel smoke fatality in Washington DC in January 2015.  Organizations like Metro and Amtrak may have difficulty attracting the very best technical talent to configure these systems properly.  
A lot has been written today about Congress’s unwillingness to fund Amtrak properly (relative to freight-owned tracks), and about a speed control system yet to be implemented in much of the Amtrak system, including Philadelphia.
The most recent news reports on CNN suggest that speeding on train systems is more common than we think.  A horrible accident in Spain, and several commuter rail accidents in the US, have resulted from speeding.   Centrifugal force causes trains to derail (and can cause cars and trucks to lose control) on curves, and it’s easy to demonstrate on a model railroad. But it is very hard to imagine an engineer’s allowing a train to go over 100 mph so soon after leaving a major train station in an area with a lot of curves and branch connections (one that goes to Atlantic City).  If a computer controls the train’s speed and somehow worked improperly (possibly because of sabotage), it’s hard to understand that the engineer wouldn’t be able to override it manually and slow the train down, well before it reached this speed. 
If indeed, however, it is found that external sabotage took place, Hitchcock-style, this could have serious implications for efficient transportation and Internet use for everyone.  
Over the past few months, Homeland Security has already floated the idea of severely restricting onboard electronics and cell phones on planes.  Could this even happen to trains?  How would people stay wired when they got to their destinations?  Little has been written about this yet (see Dec. 5, 2014 post). 
Note: the latest CNN report now says the engineer slammed on the brake just before the wreck.  The engineer will not answer questions of police without an attorney. The Philadelphia mayor condemned the engineer, and the NTSB says the mayor is out of line.  It now appears that an automatic speed control system in place between Washington and the Delaware line and in parts of New Jersey has not been implemented in the Pennsylvania portion  -- so there was no control system to "hack" in this case.  Once it is installed, as it must be, security for it will be critical. 

Also, along the lines of topological isolation, I see that Newsweek (May 15) has an article on "Cyberpower" by Owen Matthews where the topic of "air gaps" to reach isolated utility networks is mentioned. I'll get into this on another posting soon. 

Update: May 15

The Philadelphia Inquirer has a running update of the factual investigation here. An Atlanta TV station article here. LA times has more here.  I haven't yet found any of Brandon's original blog postings. 

Later update:  It appears possible or even likely that the Amtrak train was struck by a bullet or missile, as was another SEPTA train (CNN).  The engineer might have been struck, which could cause incapacitation that he did not remember (although medical examination of injuries should have found that by now).  The FBI is investigating.  This sounds ominous, like the "lone wolf" activity feared in recent FBI, Homeland Security, and NSA statements, to be honest.  But the facts are not all in.  The Philadelphia Inquirer seems to be the most detailed and up-to-date.  

May 16:  The New York Times discusses the problem of objects being thrown at trains in the NE corridor, here.

May 22:   NTSB says there's no evidence of a bullet, and some of the other stories about other trains being struck and conversations with the engineer have been discounted. The best theory, although speculative, may be that a thrown object struck the locomotive and distracted the engineer, and he made a mistake at the control, and thought he was north of the curve.  That's not certain.  But the lack of an automated speed control system on the northbound track was fatal.  It has since been installed. 
