Study Finds Most Public Transit Agencies Unprepared for Cyberattacks

Most transit agencies are unprepared for a major cyberattack because they lack a cybersecurity preparedness program.

The Mineta Transportation Institute said it found three in five agencies have a cybersecurity preparedness program, but 42 percent do not have an incident response plan and 36 percent lack a disaster recovery plan.

The institute said it reached those findings by conducting a survey of transit operators that serving more than a third of the U.S. population.

“From our perspective, the transit industry is ill prepared for malicious cyberattacks and other types of cyber-related threats,” said Scott Belcher, one of the study’s authors.

More than half the agencies fail to keep their computer system’s log data for more than year, and 12 percent don’t retain their logs at all.

Belcher said the logs are essential because in the event of a cyberattack log data is needed to be able to rebuild what has been lost and get operations back to normal as soon as possible.

Agencies said they lack the funding, staff, and training needed to protect their systems.

“They are overextended, and they have many unfunded mandates and many competing priorities, and cybersecurity is just one of them,” Belcher said.

Belcher said larger and newer transit agencies are most at risk because they have partnered with outside vendors to enable cashless payments or real-time data for service alerts and delays.

“Ironically, the older and less sophisticated transit organizations are less vulnerable from a cyber perspective because they’re really not taking advantage of technology in the way that a more sophisticated transit organization is,” Belcher said.

Although the American Public Transportation Association and federal agencies have sought to provide guidance on cybersecurity risks, the Mineta Institute study found there are many conflicting and inconsistent guidelines.

The study recommends that the Federal Transit Administration set minimum cybersecurity standards and require transit agencies to meet these standards before receiving federal grants.

The institute also said Congress need to increase funding to help agencies comply with these criteria.

Tags: , , ,

One Response to “Study Finds Most Public Transit Agencies Unprepared for Cyberattacks”

  1. Eromonsele Emmanuel Says:

    I think it’s imperative and of good interest to public transit agencies that this research was conducted. However, I’m here thinking why someone would want to hack em. To get free tickets? Know bus routes? Or what? I don’t know if the reasons for cyber attacks are viable but you could educate me Sanders.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: