THE disruption to train services in Poland’s West Pomeranian Voivodeship last month appears to have been caused by the unauthorised broadcast of an emergency stop message on an unencrypted train radio system rather than a cyber attack launched against railway IT systems.

Infrastructure manager PKP PLK says that the stop signal was transmitted at 21.23 on August 25 “by an unknown offender.” It was received by all signalling and control staff and all drivers on two sections of the network converging on Szczecin main station, the section of line 273 from Daleszewo and the section of line 351 from Choszczno.

The emergency stop signal brought all trains to a stand automatically, affecting over 20 trains by 23.30. Freight traffic which was temporarily halted for safety reasons and was restored just before 02.00 on August 26.

No injuries or damage were reported as a result of the unauthorised transmission.

PKP PLK says that the relevant authorities were immediately notified of the incident, including the police and Poland’s internal security agency ABW, as well as operators PKP Intercity, PolRegio, and PKP Cargo.

A special team bringing together representatives of the infrastructure manager and the operators has been set up to monitor the situation closely and to ensure safe and efficient train operations.

Speaking to the technology website Wired, Mr Lukasz Olejnik, an independent cybersecurity consultant, said that the emergency stop command consisting of three acoustic tones could have been broadcast at the railway frequency of 150MHz using off the shelf radio equipment.

“The frequencies are known. The tones are known. The equipment is cheap,” he said. Poland’s railway mobile radio network is due to be upgraded to the encrypted GSM-R system by 2025, but until then the relatively unprotected 150MHz VHF system remains in place.

According to media reports, the tones of the stop signal were interspersed with recordings of the Russian national anthem and a speech by the country’s president, Mr Vladimir Putin. This gave rise to speculation that a deliberate cyber attack had been launched to disrupt supply lines to Ukraine.

“We know that for some months there have been attempts to destabilise the Polish state,” Mr Stanislaw Zaryn, a senior security official, told Polish news agency PAP.

“Such attempts have been undertaken by the Russian Federation in conjunction with Belarus.”