Securing Positive Train Control Systems

  • Mark Hartong
  • Rajni Goel
  • Duminda Wijesekera
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

Positive train control (PTC) systems are distributed interoperable systems that control the movement of passenger and freight trains, providing significant safety enhancements over traditional methods of operating railroads. Due to their reliance on wireless communications, PTC systems are vulnerable to attacks that can compromise safety and potentially cause serious accidents. Designing PTC systems that can mitigate the negative effects of wireless-based exploits is mandatory for ensuring railroad safety. This paper employs use cases and misuse cases to analyze the effects of exploiting vulnerabilities in PTC systems. Use cases specify operational interactions and requirements, while misuse cases specify potential misuse or abuse scenarios. A distributed trust management system is proposed to enable PTC use cases and eliminate identified misuse cases.

Keywords: Railroad security, positive train control, use cases, misuse cases


Quality Function Deployment, Mobile Unit, Soft System Methodology, Wayside Unit, Freight Train



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Mark Hartong (1)
  • Rajni Goel (2)
  • Duminda Wijesekera (3)

  1. Information Technology, George Mason University, Fairfax, USA
  2. Information Systems and Decision Sciences, Howard University, Washington, USA
  3. Information and Software Engineering, George Mason University, Fairfax, USA
