Technology: Results of Audit Assessing the Company’s Disaster Recovery Practices for Its Operational Technology Systems

Amtrak (the company) uses operational technology (OT) systems to manage equipment that controls train operations, such as communications and dispatching. Disruptions to these systems resulting from a disaster—whether caused by human or technical error, natural disasters, cybersecurity attacks, or physical attacks—could cause train delays and cancellations, revenue losses, and safety risks. For example, in late December 2023, network device failures in one OT system caused multi‐hour disruptions to 14 trains on the Northeast Corridor (NEC), which led to revenue losses and reputational damage to the company. One of the company’s goals is to continuously improve disaster recovery and system resiliency for all technology systems. These include OT systems, as well as information technology systems, which process business data. Accordingly, our objective was to assess the company’s disaster recovery practices for its OT systems. Our scope included the technical systems, such as servers and network devices, that monitor and control equipment; it did not include the equipment itself, such as radios, signals, and catenary lines.

To address our objective, we reviewed company documents and assessed its controls to mitigate the risk of disruptions to OT systems. We also interviewed company officials in the Digital Technology and Innovation (DT) and Capital Delivery departments. Lastly, we conducted site visits of the company’s train control centers in Washington, D.C.; Wilmington, Delaware; Philadelphia, Pennsylvania; New York City; and Boston, Massachusetts.