"Public Transit Agencies Are Vulnerable to Cyber Threats, Researchers Warn"

Researchers with the Mineta Transportation Institute (MTI) urge transit agencies to implement a unified risk management strategy as well as regulators to provide more guidance. According to a recent MTI report, transit agencies are unprepared for hacks and ransomware attacks, so they must think more strategically to deal with cyber threats. In addition, at agencies, hardware and software life cycles are often found to be "out of sync," meaning that physical infrastructure is sometimes supported by software that no longer receives security updates from vendors, thus making it more vulnerable to attack. Researchers spoke with transit officials in charge of technology or information security, and they urged agencies to make better use of the procurement process to clarify their cyber needs, such as ensuring agency staff understands cybersecurity practices and that protocols are integrated into the process. The report called on transit officials to better understand the difference between risk and security when assessing their cyber needs, calling it "foundational." According to the report, security is a state of being in which organizations take steps to protect themselves, essentially creating an environment free of or resilient to harm. Researchers advised transit agencies to develop an enterprise risk management strategy, which would include the management of every type of risk it encounters on a regular basis, including cyber, in order to better prepare for cyber threats. They also urged transit organizations such as the American Public Transportation Association (APTA) to create their own standards. Regulators should also broaden their cybersecurity guidance for critical infrastructure, including public transportation. It was mentioned in the report that the Transportation Security Administration (TSA) has previously addressed cybersecurity for rail last December and that other modes of transportation should do the same. This article continues to discuss the MTI's report on aligning the transit industry and its vendors in the face of increasing cyber risk.

GCN reports "Public Transit Agencies Are Vulnerable to Cyber Threats, Researchers Warn"