A Rail Attack, or a Communications Problem?

Who knows what really happened to a railway in the Pacific Northwest last month? Nobody who's willing to say, apparently. Nextgov's reporting on a Transportation Security Administration memo that stated unequivocally hackers executed a "targeted attack" on a railroad and disrupted signals leaves a lot of unanswered questions. For starters:

  • According to the handout, which summarized a transportation working group's Dec. 20 meeting on the crisis, TSA provided the transit sector with live updates to explain the source of the intrusion. This week, rail industry representatives refuted the accuracy of its contents, saying no targeted attack occurred. Why was an inaccurate TSA memo that asserted a targeted cyberattack on a rail distributed?
  • If there wasn't a railway cyber strike, why wasn't a subsequent corrected memo issued?
  • What actually caused the signal interference?
  • Why didn't the memo carry a "For Official Use Only" stamp or some other confidential label, if the notes were not for public consumption?
  • Is it TSA or the rail company that gets to decide the cause of a malfunction?
  • Will this mess frighten industry away from asking the government for help in the event of a real cyber emergency?

The irony here is that the memo praised the government-industry collaboration in responding to this breach. But maybe that too was inaccurate. So much for effective outreach.