NW Mailing List
nw-mailing-list at nwhs.org
Wed Jan 10 15:17:20 EST 2007
John Marbury wrote:
> Having said that, I imagine someone could figure out the message syntax
> and build something that will mock a BCP. They then could send phony
> requests to the field. But requests is what they would be. Just as
> with any known code system, the requests would not be honored by the
> field equipment if it were not safe to do. The safety-checking (called
> "vital") circuits out in the secure field housings at control points
> keep most chaos from happening. Whatever happens should be safe anyway.
Some specific examples to illustrate:
Dispatcher lines a westbound train through a control point. The command
sent via ATCS to the control point is 'show signal indication to allow a
westbound train through the CP'. The actual signal indication displayed
will be a non-Full-Stop indication depending on actual block occupancy
and switch routings.
'Someone' then sends an ATCS command to the control point to 'show signal
indication to allow an eastbound train through the CP'. When the vital
circuits for the control point get told to display non-stop aspects for
opposing routes on the same track, the actual signal indications displayed
in the field will be red Stop indications in both directions.
If 'someone' is a hacker, the worst that can happen is no different
than if they just placed an iron pipe across the rails west of the
signal or if a slide detector fence gets tripped. The westbound might
run a stop signal if the clear drops just before they hit it, but
there shouldn't be an opposing train coming at them.
If 'someone' is the dispatcher, this is exactly what happens when they
take down/back a signal and have to wait for it to time out to change a
Similarly, the control point should ignore a request to reverse a
crossover if anything is occupying the switch circuit, or if a train
is even just lined up through the crossover. The same failsafes that
prevent a dispatcher from accidentally reversing a switch underneath
a train also protect the system from any malicious controls attempting
to cause serious derailments.
The problems that CAN be caused by sending malicious ATCS commands can
be caused much easier with a five foot metal pipe - or by cutting down
copper code line to sell to scrap dealers for drug money.
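
The fail-safe behaviour described in this message, sketched as an added example that is not part of the original post and is not ATCS or signal-vendor code. The class, field and method names are hypothetical, and the many possible non-Stop aspects are collapsed into a single "Proceed" for brevity.

```python
# Toy model of the vital (safety-checking) logic at one control point.
# Assumption: office/ATCS commands are only *requests*; the field logic
# below decides what is actually displayed. All names are hypothetical.
from dataclasses import dataclass, field

STOP, PROCEED = "Stop", "Proceed"


@dataclass
class ControlPoint:
    # Occupancy of the block a train would enter, keyed by travel direction.
    block_occupied: dict = field(
        default_factory=lambda: {"west": False, "east": False})
    switch_circuit_occupied: bool = False
    crossover_reversed: bool = False
    requested: set = field(default_factory=set)  # directions requested so far

    def request_signal(self, direction):
        """Record a request, then return the aspects actually shown."""
        self.requested.add(direction)
        return self.aspects()

    def aspects(self):
        """Default is Stop; at most one direction can ever show Proceed."""
        shown = {"west": STOP, "east": STOP}
        if len(self.requested) == 1:  # opposing requests leave both at Stop
            (d,) = self.requested
            if not self.block_occupied[d] and not self.switch_circuit_occupied:
                shown[d] = PROCEED
        return shown

    def request_reverse_crossover(self):
        """Ignore the request if the switch is occupied or a route is lined."""
        if self.switch_circuit_occupied or self.requested:
            return False
        self.crossover_reversed = True
        return True


def demo():
    """Dispatcher lines a westbound, then 'someone' requests an eastbound."""
    cp = ControlPoint()
    first = cp.request_signal("west")        # westbound gets Proceed
    second = cp.request_signal("east")       # conflict: both drop to Stop
    switch_ok = cp.request_reverse_crossover()  # refused, route is lined
    return first, second, switch_ok
```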