Cybersecurity and Transportation: Is the Transit Industry Prepared?

The Grayline team was part of a research project commissioned by the Mineta Transportation Institute (MTI)  to study the current state of cybersecurity among U.S. public transit agencies. The intent of this study is to assess the readiness, resourcing, and structure of public transit agencies to identify, protect from, detect, respond to, and recover from cybersecurity vulnerabilities and threats.

Given the multitude of connected devices already in use by the transit industry and the vast amount of data generated (with more coming online soon), the transit industry is vulnerable to malicious cyber-attack and other cybersecurity-related threats. This study reviews the state of best cybersecurity practices in public surface transit; outlines U.S. public surface transit operators’ cybersecurity operations; assesses U.S. policy on cybersecurity in public surface transportation; and provides policy recommendations that address gaps or identify issues for Congress, the Executive Branch, and the public surface transit agencies. Research methods include an online survey of public surface transit professionals in the United States and oral interviews conducted with members of the Executive Branch (e.g., U.S. Department of Transportation, U.S. Department of Homeland Security, The White House, and others), as well as research of literature published in periodicals.

The study and the underlying data can be found here. The study concludes with the following:

The cybersecurity threat to public transit operations is real. This is not a new observation, as many before have tried to emphasize the need to address this threat. The resources and knowledge are available; what is lacking is the focus at all levels. Mitigating this threat and reducing its impact requires concerted, coordinated effort among policy makers, industry representatives and public transit leadership. The recommendations above seek to incentivize the respective stakeholders to work together to make our public transit systems more safe, secure, and resilient.

Thank you to Karen Philbrick and the Mineta Transportation team for sponsoring this research. We are excited to leverage this research beyond the public transit industry as we assist our clients as they seek to improve their cyber risk management practices.