rurban 9 hours ago

Ha, I was once tasked to do this for Russian trains. Thing is that they often lose the rear ends somewhere, and don't recognize it. They might be kilometers long. You need to be able to detect that, and then optionally issue a brake to the end. Of course the message protocol needs to be secure.

  • persolb 3 hours ago

    This isn’t how US trains work though. There is literally an air pipe from end to end. It leaking air is how the brakes are normally applied.

    The system with the vuln is just an overlay.

    • rurban 2 hours ago

      Ah, so our system was much better. We used GPS. But the Russians never ordered it.

NoPicklez 10 hours ago

Whilst it's not uncommon for vulnerabilities to be known for a long time without being fixed, this is one that sounds like it should be fixed.

It is noted that the vulnerability hasn't supposedly ever been exploited in real life.

Apart from a targeted attack on multiple trains it does sound like this attack's likelihood is fairly low.

  • java-man 9 hours ago

    Until it becomes a part of another, more spectacular and devastating attack.

    • NoPicklez 9 hours ago

      There's always a worst case scenario with vulnerabilities; likelihood and consequence become a fairly important metric to measure the risk. However, the fact that you don't need to be "near" the train to do it makes it all the more opportunistic.

      Perhaps if the USA were at war with another bordering nation who had physical access then it might be higher risk. But the trains are within the US with no bordering nations at much risk of doing anything on each other.

      I'm not saying the people at the top aren't wrong, but we live in a world of differing priorities.