Mike O'Rielly, a former commissioner of the Federal Communications Commission (FCC), has raised concerns about consolidating U.S. freight rail Centralized Traffic Control (CTC) communications onto the 220MHz block. He said that such consolidation could lead to "existing and new communications to fail." This assertion was made in an op-ed published on February 18.
"Normally this would be considered win-win, but 220 MHz freight licenses could be overloaded with all this extra traffic, potentially causing existing and new communications to fail," said O'Rielly, Former Commissioner of the FCC. "Moreover, it would place critical rail communications into one band, potentially handing one bad actor the ability to effectively shut down all freight rail."
O'Rielly suggested that using the 220MHz network might serve as the rail industry's "backup" plan if it fails to meet the FCC's deadline. According to Trains Magazine, cybersecurity risks are heightened with a shared network and expanded attack surface. The 220 MHz network employs the Interoperable Train Control Messaging (ITCM) system, which connects locomotives, wayside units, and servers across railroads. Adding CTC data could increase vulnerability; a cyberattack might disrupt not only Positive Train Control’s (PTC) safety enforcement but also CTC’s control signals.
A Senior Intelligence Analyst for Dragos highlighted that known vulnerabilities in PTC radios could be exploited nationwide. Most U.S. PTC radios are supplied by Meteorcomm and use a proprietary protocol. A single flaw in these devices could allow hackers to perform man-in-the-middle attacks, potentially sending false signals or disabling critical safety features like PTC brakes.
Shift5, a rail cybersecurity firm, identified weaknesses in PTC systems and cited a 2021 CSX ransomware attack where hackers leaked internal PTC protocol data and passwords. Such breaches provide adversaries with tools to infiltrate networks further. Combining CTC and PTC on the 220 MHz network would make any security breach more dangerous, enabling attackers to manipulate both train movement and signaling.
Michael O’Rielly served as an FCC commissioner from 2013 to 2020, according to Fierce Technology. He is currently president of MPORielly Consulting Inc., a visiting fellow at the Hudson Institute, and a senior fellow at the Media Institute. Before his tenure at the FCC, he spent two decades in significant staff roles on Capitol Hill, including positions in both the U.S. Senate and House of Representatives.
