Railroad IT security on track

A new partnership will put the railroad industry on the fast track to securing

systems on which railroads rely for scheduling, positioning and communications.

Under the partnership announced Monday, the Transportation Department and

the Association of American Railroads will work closely to identify vulnerabilities

and share information about threats, according to a DOT statement.

Railroads use computers for safety, efficiency and customer service, said

Edward Hamberger, president and chief executive officer of the AAR, in the

DOT statement. For example, the rail industry plans to use precise information

from Global Positioning System satellites to determine location and speed,

which will improve safety and service.

DOT and AAR will sponsor industry workshops in the next few months to raise

awareness of the threats and vulnerabilities to the nation's railroads and

other transportation modes, DOT said, adding that from those workshops,

the organizations will develop strategies to address those threats.

AAR will establish an Information Sharing and Analysis Center (ISAC) for

transportation, which will be a clearinghouse for receiving, analyzing and

distributing data needed to protect information technology systems.

DOT is also conducting a vulnerability assessment of transportation systems

that rely on GPS for positioning, timing and navigation. Recommendations

for how to protect those assets from intentional or unintentional interference

are expected in December.

The partnership is part of an effort by all federal agencies to identify

and protect their critical information infrastructure under Presidential

Decision Directive 63, which requires critical IT systems to be secure by

May 2003.