WASHINGTON — Amtrak should take steps to better address distribution, tracking, and retrival of keys which control access to critical and sensitive infrastructure, the Amtrak Office of Inspector General said in a report issued Wednesday.
Citing the sensitive nature of the material, the highly redacted report offers few specifics on the types of locations that can be accessed with the keys, which the OIG says in a press release “could give bad actors an opportunity to disrupt train operations.” It notes that the report was spurred by the discovery that in July 2022, a Florida-based employee was attempting to sell high-security switch keys and other railroad keys on line. That employee has been charged by the state of Florida for attempting to sell the keys and for receiving stolen property, the Office of Inspector General said in a press release.
The report found that it is not feasible to recover thousands of keys already in the public domain, and rekeying the thousands of locks involved would be cost-prohibitive. It recommends three sets of actions:
— Development of a company-wide key management policy, assigning roles for key control;
— Identify and manage keys in circulation through an inventory of keys currently in possession of employee and contractors, retrieval of keys from those who no longer need them for current work duties or are about to leave the company, and establishment of a regular process to update that key inventory;
— Establishment of a centralized method of tracking keys, such as key management software.
Amtrak management agreed with these recommendations and set a target date of May 3l, 2023, for the first recommendation and Sept, 30, 2024, for the other two, the report notes.
Oh, keys. Basically, locks prevent accidental opening, as any airline website will tell you is TSA policy for luggage. One key opens any traffic signal cabinet and half the street lighting cabinets in Wisconsin. Anybody electrician, apprentice or helper could own one. Or other people as well. Maybe even me. Maybe I even have a spare. The cabinet is locked so some neighborhood kid doesn’t get electrocuted. A disgruntled electrician who wants to sabotage a traffic signal would have an easy time of it.
There’s also a danger, in some circumstances, of an authorized person NOT having a key, or the lock changed but people needing a key haven’t got one yet. That’s why firefighters have an easy time gaining access to sprinkler control rooms.
Redacting locations where the keys can be used is security theatre. Railfans already know and bad actors are either too stupid to find out or already know, that’s why they would want a switch key.