We study the impact of signal jamming attacks against the communication based train control (CBTC) systems and develop the countermeasures to limit the attacks' impact. CBTC supports the train operation automation and moving-block signaling, which improves the transport efficiency. We consider an attacker jamming the wireless communication between the trains or the train to wayside access point, which can disable CBTC and the corresponding benefits. In contrast to prior work studying jamming only at the physical or link layer, we study the real impact of such attacks on end users, namely train journey time and passenger congestion. Our analysis employs a detailed model of leaky medium-based communication system (leaky waveguide or leaky feeder/coaxial cable) popularly used in CBTC systems. To counteract the jamming attacks, we develop a mitigation approach based on frequency hopping spread spectrum taking into account domain-specific structure of the leaky-medium CBTC systems. Specifically, compared with existing implementations of FHSS, we apply FHSS not only between the transmitter-receiver pair but also at the track-side repeaters. To demonstrate the feasibility of implementing this technology in CBTC systems, we develop a FHSS repeater prototype using software-defined radios on both leaky-medium and open-air (free-wave) channels. We perform extensive simulations driven by realistic running profiles of trains and real-world passenger * In this paper, we study the cybersecurity of communicationbased train control (CBTC) [18], an automatic train control system that enables trains to run with shorter headways, thereby improving track utilization. In CBTC, the trains can continuously exchange their states of motion (i.e., location, velocity, and acceleration/deceleration capabilities) among each other over high-speed wireless communication links, and optimize their headway accordingly. However, CBTC has stringent requirements for communication availability, and the loss of communication can lead to severe disruptions. A recent real-world incident occurred for the Singapore metro [4], in which a train with faulty signaling hardware affected the communication of other trains traveling in its vicinity. This resulted in the trains activating their emergency brakes unnecessarily, leading to multiple delays and widespread disruptions. Another incident involving CBTC signaling fault resulted in more serious train collision [9]. These incidents highlight the importance of understanding cyber attacks that can cause the loss of signaling in CBTC and developing countermeasures.We consider signal jamming attacks against the CBTC, in which the attacker injects an interference signal into the wireless transmission in order to disrupt the communications (specifically, trainto-train or train-to-trackside-infrastructure communications). The jamming can disable the CBTC and negate its benefits such as transport efficiency. The threat is acute in urban train systems as they are accessed by and share the same physical space with the ...