Could a Chinese-made Metro car spy on us? Many experts say yes.
Hat tip, Greater Greater Washington:
Transportation
Could a Chinese-made Metro car spy on us? Many experts say yes.
By Robert McCartney (Senior regional correspondent covering government and politics) and Faiz Siddiqui
January 7 at 4:45 PM
The warnings sound like the plot of a Hollywood spy thriller: The Chinese hide malware in a Metro rail cars security camera system that allows surveillance of Pentagon or White House officials as they ride the Blue Line sending images back to Beijing. ... Or sensors on the train secretly record the officials conversations. Or a flaw in the software that controls the train inserted during the manufacturing process allows it to be hacked by foreign agents or terrorists to cause a crash.
Congress, the Pentagon and industry experts have taken the warnings seriously, and now Metro will do the same. The transit agency recently decided to add cybersecurity safeguards to specifications for a contract it will award later this year for its next-generation rail cars following warnings that Chinas state-owned rail car manufacturer could win the deal by undercutting other bidders.
Metros move to modify its bid specifications after they had been issued comes amid Chinas push to dominate the multibillion-dollar U.S. transit rail car market. The state-owned China Railway Rolling Stock Corp., or CRRC, has used bargain prices to win four of five large U.S. transit rail car contracts awarded since 2014. The company is expected to be a strong contender for a Metro contract likely to exceed $1 billion for between 256 and 800 of the agencys newest series of rail cars.
CRRCs success has raised concerns about national security and Chinas growing footprint in the U.S. industrial supply chain and infrastructure. ... This is part of a larger conversation about this country and China, and domination of industries, said Robert J. Puentes, president of the Eno Center for Transportation. We dont want to get trapped into a xenophobic conversation . . . but we also dont want to be naive.
....
Erik Olson, vice president of the Rail Security Alliance, called the assurances overly simplistic and potentially naive. ... Do we really want our municipal transit agencies to take these kinds of cyber-risks, knowing that China has deployed some of the most advanced facial recognition technology, has been responsible for hacks into our critical infrastructure, and has laid out a plan to decimate many of our industries by 2025? Olson said in an email.
This story has been updated.
Robert McCartney is The Washington Posts senior regional correspondent, covering government and politics in the greater Washington area. Follow
https://twitter.com/McCartneyWP
Faiz Siddiqui is a reporter with The Washington Post's transportation team. His coverage includes Metro, Uber and Lyft. Follow
https://twitter.com/faizsays