Research carried out by the Mineta Transportation Institute also found that less than half of agencies reported auditing their cybersecurity programme at least once a year.
Only three-fifths of transit agencies in the US have a cybersecurity preparedness plan, leaving them ill-prepared for a cyberattack, a new report warns.
This is despite more than four-fifths of agencies reported “feeling prepared” for a cybersecurity threat, according to: Is the Transit Industry Prepared for the Cyber Revolution: Policy Recommendation to Enhance Surface Transit Cyber Preparedness report.
Some 90 transit agencies were surveyed for the Mineta Transportation Institute (MTI) research which assessed the readiness of agencies to understand, mitigate, and respond to the growing threat of cybersecurity.
The US Department of Homeland Security has designated the transportation system sector as one of 16 critical infrastructure sectors whose disruption would have a debilitating effect on the nation’s security.
The report found that most transit agencies, which fall within this sector, do not have many of the basic policies or personnel in place to respond to a cyber incident.
Other key findings include:
According to MTI, agencies that have become aware of the imminent threat have taken action to protect themselves from cyberattacks, including seeking technical leadership from outside the transit industry and contracting out the management of personally identifiable information (PII).
“Fortunately, there is an abundance of information and tools, such as the Transportation Systems Sector Cybersecurity Framework Implementation Guidance and accompanying workbook, available to public transit agencies to support a cybersecurity programme,” said Scott Belcher, MTI research associate and report principal investigator.
For the majority of transit agencies, resources for cybersecurity will remain scarce and thus there needs to be a collaborative effort from the federal government, the industry, and agency leadership to establish, maintain, and refine cybersecurity programmes, the report notes.
The research team recommended federal funds be allocated for the development of comprehensive cybersecurity preparedness plans and their implementation
The research team emphasised that Federal Transit Administration (FTA) should require transit organisations to adopt and implement minimum cybersecurity standards prior to receiving federal funding.
The team also recommended federal funds be allocated for the development of comprehensive cybersecurity preparedness plans and their implementation. Industry trade associations should continue to develop, refine, and improve existing cybersecurity guidance to enable transit agencies to adequately prepare for the inevitable cyber disruption and maintain a ready approach in the event of an attack.
Founded in 1991, MTI at San Jose State University mission is to increase mobility for all by improving the safety, efficiency, accessibility, and convenience of the US transportation system.
You might also like: