Hacking concerns as Metro considers buying rail cars from China

WASHINGTON — The four U.S. senators who represent Maryland and Virginia are raising concerns that spies could potentially infiltrate Metro if the transit agency decides to buy rail cars from China.

In a letter sent to Metro General Manager Paul Wiedefeld on Jan. 18, the senators noted that foreign governments often build transportation equipment for U.S. communities.

“While other cities have welcomed this kind of investment, we have serious concerns about similar activity happening here in our nation’s capital, particularly when it could involve foreign governments that have explicitly sought to undermine our country’s economic competitiveness and national security,” the senators wrote.

Metro is searching for companies to build its next-generation 8000-series rail cars, and state-owned Chinese rolling stock manufacturer CRCC Corporation is reportedly a strong contender for the contract.

“As Metro continues its procurement process for the 8000-series rail car, we strongly urge you to take the necessary steps to mitigate growing cyber risks to these cars,” wrote the senators.

The new rail cars are expected to have technology, such as automatic train control, that could allow foreign spies to take control of Metro’s systems, the senators said.

The letter was signed by Maryland Sens. Ben Cardin and Chris Van Hollen and Virginia Sens. Tim Kaine and Mark Warner.

“Many of these technologies could be entirely susceptible to hacking, or other forms of interference,” they wrote.

The senators asked Metro to provide information about its “cybersecurity protocols” and urged the agency to have protections in place to ensure that rail cars are “sourced from safe and reliable suppliers.”

They also asked a series of questions, including whether Metro plans to consult with the Department of Defense before awarding the contract, in order to see if there are any concerns about Chinese rail cars operating around the Pentagon.

In a statement on Monday morning, Wiedefeld confirmed to WTOP he had received the letter and would respond to the senators.

“We recognize the important national security concerns being raised, and we are working to strengthen this procurement and others with new cybersecurity requirements,” Wiedefeld said. “While we have a fiduciary responsibility with all procurement, safety and security is always our first priority.”

Like WTOP on Facebook and follow @WTOP on Twitter to engage in conversation about this article and others.

© 2019 WTOP. All Rights Reserved. This website is not intended for users located within the European Economic Area.

More from WTOP

Log in to your WTOP account for notifications and alerts customized for you.

Sign up