Safety and Security Analysis for Movable Railroad Bridges

Movable railroad bridges, consisting of lift, bascule, or swing bridges, have been used for over a century on American rail tracks that cross usable waterways. Although custom-made, movable bridges share many common components and designs. Most of them use weight-bearing towers for the movable span, with electric or electro-hydraulic systems that lift and/or rotate these movable spans. Automated locks hold the bridge in place as soon as the movement stops. The bridge operation, train, and ship signaling systems work in synchrony so that trains and waterway traffic are granted safe passage with minimal delay. This synchrony is maintained by custom-made control systems using Programmable Logic Controllers (PLCs) or Field Programmable Gate Arrays (FPGAs). Controllers located on the movable and the static parts of the bridge communicate using radio and/or wired underwater links, sometimes involving marine cables. The primary objective of this paper is to develop a framework to analyze the safety and security of the bridge operating systems and their synchronous operations with railway and waterway systems. We do so by modeling the movable physical components and their control system together with the interconnected network system, and determining the faults and attacks that may affect their operations. Given the prevalence of attacks against PLCs, FPGAs and controllers, we show a generic way to determine the effect of what-if scenarios that may arise due to attacks combined with failures, using a case study of a swing bridge.