Cybersecurity risks in the transit industry

Jermaine Santoya

The transit industry is growing fast thanks to new technology and innovation. But these changes come with a higher number of threats, including ransomware attacks and private data breaches, among others.

For transit agencies to take advantage of new trends and ensure the safety of employees and customers, they need to be treated as critical infrastructure.

Learn more about how Genetec approaches cybersecurity

A key finding in a recent study by Mineta Transportation Institute (MTI) showed that over 80% of public transit agencies felt prepared for a cybersecurity threat, even though only 60% have a cybersecurity strategy in place.

Other interesting findings show that:

- 73% have access to information to help implement a cybersecurity preparedness program

- 47% reported auditing their cybersecurity program at least once a year

- More than 50% don’t keep a log for longer than a year — one of the most basic cybersecurity preparedness requirements

- 36% don’t have a cyber disaster recovery plan

- 67% don’t have a cyber crisis communications plan

Cyber threats pose major risks to the transit industry

Increasing risk factors and impacts

Commuters expect to have information at their fingertips to help them make commuting decisions. Cities want to cater to these trends to become the next smart city.

As a result, public transit agencies look to modernize their infrastructure to stay competitive in the industry, exposing them to a growing list of attack vectors:

- Larger sets of data to manage and secure

- Wider distributed network access points

- Longer supply chains to rely on

These risks are not limited to operational data – everything and anything digitized is a target, including sensitive financial data and personal employee information.

The risks even extend to command and control systems that, if breached, could bring transportation to a standstill.

Transit is critical infrastructure

According to the U.S. Department of Homeland Security, the Transportation System Sector, including public transit, is critical infrastructure.

This sets public transit agencies on par with organizations in the defense sector, the energy sector, and the public health sector. But it hasn’t received the attention it should when it comes to cybersecurity.

Cybersecurity breaches are on the rise in the transit industry, in the form of ransomware attacks, private data breaches, and hardware that can have malware.

Public transit agencies need to increase their cybersecurity awareness to reap the benefits of innovation while limiting their exposure to these risks.

The importance of trusted partners

Interconnectivity is at the core of innovation in technology. This means standalone closed systems are a thing of the past, and cybersecurity is no longer exclusively a software issue.

More devices and virtual services mean that transit agencies need more help from partners and suppliers.

In recent years, governments around the world have made efforts to block untrustworthy suppliers from taking part in critical infrastructure projects. This is because of concerns over some manufacturers providing hardware with preloaded malware.

When it comes to cyber threats, an overwhelming 40% of all breaches are traced back to the supply chain.

That’s why transit agencies must find trusted partners that follow cybersecurity best practices for both their hardware and software.

The future of the public transit industry

We can expect regulators to put more effort towards protecting public transit as critical infrastructure. In the energy sector, the North American Electric Reliability Corporation (NERC) already responded by enforcing CIP-13, the supply chain risk management standard that requires power utilities to implement a supply chain risk management program.

How long until regulators step in to mitigate risk to other critical infrastructure?

As a proactive step in the meantime, transit agencies can vet each vendor’s cybersecurity readiness.

Want to learn more about how Genetec approaches cybersecurity?

About the Author

Jermaine Santoya, Industry Marketing Manager, Genetec Inc.
More content by Jermaine Santoya

Top physical security trends for 2021

Find out what the top physical security trends will be for 2021: from COVID-19 response solutions, privacy ...

Optimize video analytics hardware resources with Analyzer management

KiwiVision unified video analytics introduces Analyzer management, which provides automatic load balance an...

Speak with a Genetec expert

Company

Country

First Name

I understand and agree to the privacy policy.

Your request has been received!

Error - something went wrong!

Return to Home

Welcome to our Resource Center

Cybersecurity risks in the transit industry

The importance of trusted partners

The future of the public transit industry

About the Author

Previous Article

Next Article

Cybersecurity risks in the transit industry

The importance of trusted partners

The future of the public transit industry

About the Author

Previous Article

Next Article

Most Recent Articles

Genetec Security Center 5.10 is now available! Read this blog post to learn more about how our unified security center platform bridges the gap between on-premises systems and the cloud.

The U.S. cannabis industry has seen explosive growth in recent years. Security protocols vary and regulatory standards are constantly changing. An open, unified physical security platform can help.

Canadian mass transit agencies are looking at unification to help drive higher levels of collaboration and efficiency across their organizations. Check out our blog post to learn more.

Is there a difference between a unified physical security system and an integrated one? Which is better? Check out our latest Genetec blog post to get answers to these questions and more.

Hybrid cloud architecture helps you optimize your physical security system by leveraging both on-premises solutions and the Cloud. Check out our blog post to learn more.

The best way to create a safe environment for students and staff in K-12 schools is with a unified security solution that can address needs today and in the future.

Interns have been an integral part of Genetec since it was founded in 1997. The pandemic has forced many organizations to limit their internship positions but at Genetec, the program continues to grow

In this blog post, we highlight the impact technology has on privacy rights and the importance of protecting personal information.

Video analytics can be used not only to automate security tasks, but can also enhance operations and maintenance to help reduce costs, improve efficiency and allow for more informed decisions.

Unicast or multicast? Or a blend of both? Learn which way of exchanging video surveillance data is right for you.

Find out what the top physical security trends will be for 2021: from COVID-19 response solutions, privacy protection, and cybersecurity to industry products, cloud, access control, and analytics.

KiwiVision unified video analytics introduces Analyzer management, which provides automatic load balance and gives an overview of resource utilization. Learn more in our blog post.

Read our new blog to learn about our partnership with 2N, a global leader in IP intercoms, and how our collaboration is a great example of how integration can benefit customers.

The physical security industry in Scotland has been evolving rapidly, as many organizations migrate from analog systems towards fully integrated IP solutions. Learn more about their challenges.

With cyber attacks on the rise, protecting your organization’s physical security is becoming an increasingly demanding task. Here are five ways you can help protect your organization.

Here are five things you’ll want to consider before making your decision.

Cybercrime damages are expected to cost the world $6 trillion annually by 2021. Find out how cyber hygiene is essential to ensure your company is always prepared for a cybersecurity attack.

Looking for tools to help you implement and maintain a strong cybersecurity strategy? Check out our blog post.

The transit industry is due for an effective change, but poor data culture is holding it back. While more data is good, information is better. Read on to learn how the transit industry can evolve.

How can you tell if a security vendor is committed to cybersecurity? Here are some questions you can ask them