Norfolk state rep worried about cyber security with new Chinese-built subway cars

State Rep. Shawn Dooley admits his new bill sound likes something out of a James Bond movie or Tom Clancy novel.

He said his worries about potential cyber-security issues with Chinese-built MBTA subway cars have caused some to question whether he is a conspiracy theorist.

But Dooley, R-Norfolk, said his concerns are legitimate and he is not crazy. At least not crazy on this issue, he joked.

Dooley has filed a bill that would prohibit the state from doing business with firms that are subsidized by non-market economy countries.

Specially, he is concerned with China Railway Rolling Stock Corp., which has an $840 million contract to build subway cars for the MBTA’s Orange and Red lines.

He said the company, which is owned by the Chinese government, could be a “Trojan horse” to establish a foothold in the U.S. market and undercut domestic manufacturers.

Furthermore, he said, China is known for its industrial spying and cyber capabilities.

He questions whether the company, known as CRRC, could place devices in the cars to obtain personal and financial information on passengers.

Or, if China could remotely control the cars and shut them down or cause them to crash in a time of emergency, Dooley said.

The idea first came to him, he said, while watching a cyber security film at the U.S. Naval Academy with his daughter, who attends the academy.

The film showed a hacker starting up and controlling someone’s motor vehicle with a cellphone, he said.

There are many reasons to be concerned about China, he said.

Its companies can underbid U.S. ones for contracts because they are subsidized and have cheaper labor. It is known for industrial spying. And it has documented human rights abuses.

“China’s a known bad actor,” he said.

While he admits some on Beacon Hill think his fears are unfounded, Dooley said Congress has recently become interested in the same concerns and China is believed to be behind large data breaches at Western companies.

There are some who say Dooley has a point.

Andrew Grotto, a lecturer at Standford University’s Center for Intelligence, Security and Cooperation, said he has two concerns about the subway cars.

One is they contain a lot of digital technology to operate them that can be misused.

“If implemented properly, these technologies can make the trains safer for passengers. If implemented improperly, malicious actors can use these technologies to not only spy on passengers, but interfere with train operations and potentially cause crashes. These risks exist no matter who supplies the subway cars,” he told The Sun Chronicle.

His second concern is China.

“The second layer of risk has to do specifically with China. There are mountains of evidence about Chinese government cyber operations against U.S. targets. We know that Chinese intelligence and military units are constantly seeking ways to collect sensitive information about Americans and burrow into infrastructure so that if hostilities were ever to break out between China and the U.S., they would have the ability to launch cyber attacks against U.S. infrastructure,” he said.

Dooley said it is too late for his bill to negate the contract with the MBTA.

He said his immediate hope is the legislation will raise awareness among the public and the officials in state government.

The MBTA could not be reached for comment, but spokesman Joe Pesaturo told The Boston Herald, “The safety of the T’s systems is of the utmost importance and the MBTA has robust controls in place to maintain the security of the system.”

He said the software for the trains is made in the United States.

Read the original article here.

Featured Posts