Train service of the unnamed railroad "was slowed for a short while" and rail schedules were delayed about 15 minutes on Dec. 1 as a result of the computer intrusion. The following day, shortly before rush hour, a "second event occurred" that did not affect schedules, according to a TSA document obtained by Nextgov. The memo summarized discussions TSA had with railroad industry representatives on Dec. 20 regarding the incident.
"Some of the possible causes lead to consideration of an overseas cyberattack", the memo stated. TSA investigators discovered two IP addresses used by the intruders on Dec. 1 and a third on Dec. 2, the document noted, but it did not say in which country the IP addresses were located. The TSA sent out notice of the incident, including the three IP addresses, to several hundred railroad companies and public transportation agencies.
However, Holly Arthur, a spokeswoman for the Association of American Railroads, denied that there was a recent computer hack of a US railroad. She told Nextgov that there was “no targeted computer-based attack on a railroad. Railroads closely monitor cyber security as a fully integrated part of both the industry's overall security plan, as well as individual company plans. Continuous coordination on cyber security occurs across the industry and with the federal government.”