American Railroads are planning to complete implementation of their Positive Train Control (PTC) systems by 2020 with the primary safety objectives of avoiding inter-train collisions, train derailments and ensuring railroad worker safety. Under published I-ETMS specifications, the onboard unit (OBU) communicates with two networks; (1) the Signaling network that conveys track warrants to occupy blocks etc. and (2) the Wayside Interface Unit (WIU) network, a sensor network situated on tracks to gather navigational information. These include the status of rail infrastructure (such as switches) and any operational hazards that may affect the intended train path. In order to facilitate timely delivery of messages, PTC systems will have a reliable radio network operating in the reserved 220MHz spectrum, although the PTC system itself is designed to be a real-time fail safe distributed control systems. Both the signaling and the WIUs communicate their information (track warrants, speed restrictions, and Beacon status) using software defined radio networks. Given that PTC systems are controlled by radio networks, they are subjected to cyber-attacks.
We show a design and a prototype implementation of a PTC Cyber Situational awareness system that gathers information from WIU devices and Locomotives for the use of rail operators. In order to do so, we designed secure IDS components to reside on the On Board Units (OBU), signaling points (SP) and the WIUs that gather real-time status information and share them with the Back Office system to provide the cyber-security health of the communication fabric. Our system is able to detect and share information about command replay, hash breaking guessing and message corruption attacks.