D.C. Metro system beefs up supply-chain cybersecurity provisions for new railcars

The Washington, D.C., area’s Metro system, in response to U.S. senators who raised security concerns about a new line of railcars, now says it will use the National Institute of Standards and Technology’s cybersecurity framework to vet software and hardware proposed for the project. Bidders on the railcar procurement, worth an estimated $1 billion and covering up to 800 railcars, also will have to show evidence that a third party tested their software or hardware, Washington Metropolitan Area Transit Authority CEO Paul J. Wiedefeld said Wednesday. The NIST framework — used widely throughout other industries and government agencies — is a key part of the  updated request for proposal, Wiedefeld wrote in a letter to Democratic senators from Virginia and Maryland. “We are confident that these approaches will impose appropriate controls that limit any malicious actor’s ability to embed malware and for WMATA to monitor and enforce security requirements,” Wiedefeld wrote to […]

The post D.C. Metro system beefs up supply-chain cybersecurity provisions for new railcars appeared first on CyberScoop.

Continue reading D.C. Metro system beefs up supply-chain cybersecurity provisions for new railcars

Senators worry that new D.C. Metro railcars could carry cyber risk

Senators who represent the Washington, D.C., area have raised concerns about added cybersecurity risks in the region’s Metro system after reports that a Chinese state-owned manufacturing company could win a $1 billion procurement for railcars. The four Democrats – Sens. Mark Warner and Tim Kaine of Virginia, and Ben Cardin and Chris Van Hollen of Maryland – wrote to the Washington Metropolitan Area Transit Authority expressing their “serious concerns” of possible foreign bidding on the project, “particularly when it could involve foreign governments that have explicitly sought to undermine our country’s economic competitiveness and national security.” The Jan. 18 letter to WMATA CEO Paul J. Wiedefeld, the lawmakers exhorted him to “take the necessary steps to mitigate growing cyber risks to these cars.” The worry is that technology in the transit system, including video surveillance cameras and the automated aspects of railcars, could be a target of spies or hackers. The state-owned China Railway […]

The post Senators worry that new D.C. Metro railcars could carry cyber risk appeared first on CyberScoop.

Continue reading Senators worry that new D.C. Metro railcars could carry cyber risk