Cyber security analysis for advanced train control system (ATCS) in CTC systems: Concepts and methods

Zezhou Wang, Yongxin Wang, Brian Sykes, Keith Holt, Xiang Liu, Chaitanya Yavvari, Matthew Jablonski, Duminda Wijesekera

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Advanced Train Control System (ATCS) is a proprietary network protocol that expands the functionality and efficiency of Centralized Traffic Control (CTC) systems, by using radio communications (radio code line) for message delivery. However, end-to-end cyber security issues were not considered during initial design of ATCS in the 1980s. Meanwhile, the landscape of cyber-physical threats and vulnerabilities has changed dramatically over the last three decades. Even though cutting-edge systems like Positive Train Control (PTC) have adopted security properties such as integrity check and encryption methods, major railroads in North America still deploy legacy ATCS standards to maintain their individual CTC system. This paper first illustrated the background and general specifications of ATCS applications in North American railroads. The research team has noticed that few studies have systematically analyzed this topic since the emergence of ATCS, though its applications are still prevailing in the industry. Divided by both vital and non-vital operational scenarios, this paper presented case studies for ATCS-related vulnerabilities. We used a sender-receiver sequencing-based analysis and proposed a consequence-based simulation model to identify and further evaluate the cyber and physical risks under potential cyber-attacks. For the identified risk, the paper evaluated the likelihood based on the practical operational sequences, and recommended potential countermeasures for the industry to improve the security over the specific case. The research concluded that the fail-safe design in the ATCS systems would prevent the exploiting known security vulnerabilities which could result in unsafe train movements. However, the service disruptions under certain speculated attacks need further evaluation. At the end of this paper, we discussed our ongoing work for disruption evaluation in the wake of successful cyber attacks.

Original languageEnglish (US)
Title of host publication2019 Joint Rail Conference, JRC 2019
PublisherAmerican Society of Mechanical Engineers (ASME)
ISBN (Electronic)9780791858523
StatePublished - Jan 1 2019
Event2019 Joint Rail Conference, JRC 2019 - Snowbird, United States
Duration: Apr 9 2019Apr 12 2019

Publication series

Name2019 Joint Rail Conference, JRC 2019


Conference2019 Joint Rail Conference, JRC 2019
Country/TerritoryUnited States

All Science Journal Classification (ASJC) codes

  • Mechanical Engineering


Dive into the research topics of 'Cyber security analysis for advanced train control system (ATCS) in CTC systems: Concepts and methods'. Together they form a unique fingerprint.

Cite this