Researchers at the Mineta Transportation Institute said transit agencies are at a greater risk of cybersecurity threats in an update of its 2020 findings on the same issue.
The report, “Is the Transit Industry Prepared for the Cyber Revolution?” found in 2020 that the industry was ill-prepared for cybersecurity threats and attacks. Now, four years later, the latest report, “Does the Transit Industry Understand the Risks of Cybersecurity and are the Risks Being Appropriately Prioritized?” found that cybersecurity preparedness in the industry has not markedly improved.
An analysis of online surveys from 78 agencies, as well as interviews with transit professionals and a review of relevant literature, found that there is a lack of organization knowledge about cybersecurity; that many agencies lack documented policies and procedures for cybersecurity; and that smaller agencies are further behind on cybersecurity than larger ones.
“The increasing sophistication of cybercriminals, in combination with a greater reliance on technology within the transit industry, puts the industry at higher risk than in 2020,” the study’s authors said. “Agencies are not conducting regular cybersecurity assessments or putting basic policies and procedures in place to minimize the likelihood of a cybersecurity breach and to recover from the harm when one occurs.”
The study authors recommend agencies should develop cybersecurity plans and update them annually, conduct cybersecurity assessments, create documented cybersecurity policies and procedures, and have at least one person on staff with a cybersecurity certificate who is qualified to oversee the agencies cybersecurity program and/or vendors.