Researchers at the Mineta Transportation Institute (MTI) at San Jose State University have been investigating the level of preparedness of transit agencies against cyber attacks. The report – Is the Transit Industry Prepared for the Cyber Revolution? Policy Recommendation to Enhance Surface Transit Cyber Preparedness – surveyed 90 transit agencies. It found that while over 80% of agencies consider themselves prepared for a threat, only 60% have a defined cybersecurity plan, and 43% say their plan is insufficient.
The U.S. Department of Homeland Security (DHS) has designated transportation as one of 16 critical infrastructure sectors that would have a debilitating effect on national security if disrupted. MTI pointed out that given the multitude of connected devices already in use by the transit industry – and the vast amount of data generated – the transit industry is vulnerable to malicious cyber-attack and other cybersecurity-related threats.
The research team made a number of recommendations, including:
- the Federal Transit Administration (FTA) should develop cybersecurity standards and guidance for transit operators and require them to adopt and implement those standards prior to receiving federal funding;
- federal funds should be allocated to develop standards and tools and ensure transit operators have the resources needed to implement the new requirements; and,
- industry trade associations should provide more cybersecurity guidance to enable transit agencies to be prepared.
“Fortunately, there is an abundance of information and tools, such as the Transportation Systems Sector (TSS) Cybersecurity Framework Implementation Guidance and accompanying workbook, available to public transit agencies to support a cybersecurity program,” said Scott Belcher, the report’s principal investigator.