Critical Infrastructure Case Study
Security breaches do not always come from targeted attacks. Untargeted, general attacks can also cause a security breach in an organization. Let’s look at the CSX Corporation virus incident of August of 2003.
The SoBig computer virus infected CSX Corporation’s computer network at its headquarters in Jacksonville, Florida. These infected systems flooded the internal network with infection attempts and spammed the equivalent of an internal DDoS attack. No critical systems got infected, but the network congestion disrupted signaling dispatching and other mission critical systems.
Freight trains were delayed. At least 10 Amtrak long-distance trains were canceled or delayed up to six hours, and commuter trains in Washington D.C. were canceled. Half-hour delays continued for the next few days. The initial damage ran into the millions in late delivery penalties and customer refunds, and millions more were spent updating and expanding the antivirus and network systems to mitigate any further issues.
