Most rail cyber incidents have been IT cyberattacks. Existing government and industry cyber security guidelines have focused on these IT issues. The government and industry cyber security guidelines have often failed to address the control system cyber issues that have resulted in catastrophic control system cyber rail incidents. There have been more than fifty control system cyber-related rail incidents internationally that affected reliability and safety. Rail cyber-related incidents have occurred in municipal railways, mass transit, long-distance passenger rail, and freight killing more than 490 people. These cases include both unintentional as well as malicious attacks. Like other industries, rail control system cyber incidents are generally classified as mechanical or electrical failures with no cyber incident response activities. As a result, rail control system cyber-related incidents continue to recur as there has been minimal information sharing and no training to identify or address control system cyber-related incidents.
