Association of American Railroads

A security flaw in the U.S. rail system, identified in 2012, allows remote activation of emergency brakes using readily available technology. The vulnerability lies in the End-of-Train (EoT) modules, which lack robust security. The Association of American Railroads (AAR) reportedly dismissed the initial warnings. Only after a recent advisory from CISA did the AAR announce an upgrade plan, expected to be fully deployed by 2027, fifteen years after the flaw was first discovered.