"...made some changes to avoid anything like this in the future...". This is known as "locking the barn door after the horse has escaped". There's a lesson here for any railroad operation that includes the use of computers ( which, I imagine would be almost all of them). The lesson is to never presume your systems are up-to-date with protections insofar as hacking is concerned. Every organization, no matter how large or small, has to have personnel (not saying how many) who are responsible for being aware of the latest types of hacking schemes and ensuring that their organization's computer systems have been upgraded to deal with these schemes. This might mean updating currently installed protection programs daily. Reviewing the protection systems in place one month, 6 months or a year after installation is not good enough. This might well be a full-time job. So, is it worth it to your organization to pay a qualified person whatever it takes to do such a job constantly in your organization? Just kinda thinking out loud here!!
Edited 1 time(s). Last edit at 04/14/2018 11:33AM by george pearce.