The intent of this study is to assess the readiness, resourcing, and structure of public transit agencies to identify, protect from, detect, respond to, and recover from cybersecurity vulnerabilities and threats. Given the multitude of connected devices already in use by the transit industry and the vast amount of data generated (with more coming online soon), the transit industry is vulnerable to malicious cyber-attack and other cybersecurity-related threats. This study reviews the state of best cybersecurity practices in public surface transit; outlines U.S. public surface transit operators’ cybersecurity operations; assesses U.S. policy on cybersecurity in public surface transportation; and provides policy recommendations that address gaps or identify issues for Congress, the Executive Branch, and the public surface transit agencies. Research methods include an online survey of public surface transit professionals in the United States and oral interviews conducted with members of the Executive Branch (e.g., U.S. Department of Transportation, U.S. Department of Homeland Security, The White House, and others), as well as research of literature published in periodicals.

Publication Date


Publication Type



Transportation Security/Counterterrorism

Digital Object Identifier


MTI Project



Cybersecurity, Policy, Safety, Security, Transit


Defense and Security Studies | Information Security | Policy Design, Analysis, and Evaluation | Transportation