Public transit agencies in the United States depend on external vendors to help deliver and maintain many essential services and to provide critical technologies, from ticket purchases to scheduling to email management. While the integration of new, advanced technologies into the public transit industry brings important advancements to U.S. critical transportation infrastructure, the application of digital technologies also brings with it a new assortment of digital risks. Transit agencies of all sizes are finding themselves subject to cyber incidents—most notably ransomware attacks—like those experienced by larger, more prominent companies and critical infrastructure providers. The findings in this report focus on helping all parties involved improve in three key areas: cyber literacy and procurement practices, the lifecycle of technology vis-à-vis transit hardware, and the importance of embracing risk as a road to resiliency.
Security and Counterterrorism, Transit and Passenger Rail, Transportation Technology
Digital Object Identifier
Mineta Transportation Institute URL
Cybersecurity, Ransomware, Public Transit, Cyber attack, Enterprise Risk Management
Information Security | Systems Architecture | Transportation
Scott Belcher, Terri Belcher, Kathryn Seckman, Brandon Thomas, and Homayun Yaqub. "Aligning the Transit Industry and Their Vendors in the Face of Increasing Cyber Risk: Recommendations for Identifying and Addressing Cybersecurity Challenges" Mineta Transportation Institute Publications (2022). https://doi.org/10.31979/mti.2022.2113