Cybersecurity risks in the transit industry

Jermaine Santoya

The transit industry is growing fast thanks to new technology and innovation. But these changes come with a higher number of threats, including ransomware attacks and private data breaches, among others.

For transit agencies to take advantage of new trends and ensure the safety of employees and customers, they need to be treated as critical infrastructure.

Learn more about how Genetec approaches cybersecurity

A key finding in a recent study by Mineta Transportation Institute (MTI) showed that over 80% of public transit agencies felt prepared for a cybersecurity threat, even though only 60% have a cybersecurity strategy in place.

Other interesting findings show that:

- 73% have access to information to help implement a cybersecurity preparedness program

- 47% reported auditing their cybersecurity program at least once a year

- More than 50% don’t keep a log for longer than a year — one of the most basic cybersecurity preparedness requirements

- 36% don’t have a cyber disaster recovery plan

- 67% don’t have a cyber crisis communications plan

Cyber threats pose major risks to the transit industry

Increasing risk factors and impacts

Commuters expect to have information at their fingertips to help them make commuting decisions. Cities want to cater to these trends to become the next smart city.

As a result, public transit agencies look to modernize their infrastructure to stay competitive in the industry, exposing them to a growing list of attack vectors:

- Larger sets of data to manage and secure

- Wider distributed network access points

- Longer supply chains to rely on

These risks are not limited to operational data – everything and anything digitized is a target, including sensitive financial data and personal employee information.

The risks even extend to command and control systems that, if breached, could bring transportation to a standstill.

Transit is critical infrastructure

According to the U.S. Department of Homeland Security, the Transportation System Sector, including public transit, is critical infrastructure.

This sets public transit agencies on par with organizations in the defense sector, the energy sector, and the public health sector. But it hasn’t received the attention it should when it comes to cybersecurity.

Cybersecurity breaches are on the rise in the transit industry, in the form of ransomware attacks, private data breaches, and hardware that can have malware.

Public transit agencies need to increase their cybersecurity awareness to reap the benefits of innovation while limiting their exposure to these risks.

The importance of trusted partners

Interconnectivity is at the core of innovation in technology. This means standalone closed systems are a thing of the past, and cybersecurity is no longer exclusively a software issue.

More devices and virtual services mean that transit agencies need more help from partners and suppliers.

In recent years, governments around the world have made efforts to block untrustworthy suppliers from taking part in critical infrastructure projects. This is because of concerns over some manufacturers providing hardware with preloaded malware.

When it comes to cyber threats, an overwhelming 40% of all breaches are traced back to the supply chain.

That’s why transit agencies must find trusted partners that follow cybersecurity best practices for both their hardware and software.

The future of the public transit industry

We can expect regulators to put more effort towards protecting public transit as critical infrastructure. In the energy sector, the North American Electric Reliability Corporation (NERC) already responded by enforcing CIP-13, the supply chain risk management standard that requires power utilities to implement a supply chain risk management program.

How long until regulators step in to mitigate risk to other critical infrastructure?

As a proactive step in the meantime, transit agencies can vet each vendor’s cybersecurity readiness.

Want to learn more about how Genetec approaches cybersecurity?

About the Author

Jermaine Santoya, Industry Marketing Manager, Genetec Inc.
More content by Jermaine Santoya

Top physical security trends for 2021

Find out what the top physical security trends will be for 2021: from COVID-19 response solutions, privacy ...

Optimize video analytics hardware resources with Analyzer management

KiwiVision unified video analytics introduces Analyzer management, which provides automatic load balance an...

Speak with a Genetec expert

Company

Country

First Name

I understand and agree to the privacy policy.

Your request has been received!

Error - something went wrong!

Return to Home

Welcome to our Resource Center

Cybersecurity risks in the transit industry

The importance of trusted partners

The future of the public transit industry

About the Author

Previous Article

Next Article

Cybersecurity risks in the transit industry

The importance of trusted partners

The future of the public transit industry

About the Author

Previous Article

Next Article

Most Recent Articles

Unicast or multicast? Or a blend of both? Learn which way of exchanging video surveillance data is right for you.

Find out what the top physical security trends will be for 2021: from COVID-19 response solutions, privacy protection, and cybersecurity to industry products, cloud, access control, and analytics.

KiwiVision unified video analytics introduces Analyzer management, which provides automatic load balance and gives an overview of resource utilization. Learn more in our blog post.

Read our new blog to learn about our partnership with 2N, a global leader in IP intercoms, and how our collaboration is a great example of how integration can benefit customers.

The physical security industry in Scotland has been evolving rapidly, as many organizations migrate from analog systems towards fully integrated IP solutions. Learn more about their challenges.

With cyber attacks on the rise, protecting your organization’s physical security is becoming an increasingly demanding task. Here are five ways you can help protect your organization.

Here are five things you’ll want to consider before making your decision.

Cybercrime damages are expected to cost the world $6 trillion annually by 2021. Find out how cyber hygiene is essential to ensure your company is always prepared for a cybersecurity attack.

Looking for tools to help you implement and maintain a strong cybersecurity strategy? Check out our blog post.

The transit industry is due for an effective change, but poor data culture is holding it back. While more data is good, information is better. Read on to learn how the transit industry can evolve.

How can you tell if a security vendor is committed to cybersecurity? Here are some questions you can ask them

As power utilities digitize the grid, they work with more vendors, which can increase supply chain vulnerabilities. We asked and answered 6 important questions to help comply with the NERC's CIP-13.

Parking operators often lose valuable time on the job when employees have to verify misread license plate information. Read this blog to learn more about how you can improve your ALPR accuracy.

Read the latest Genetec Q&A about how large-scale organizations are streamlining their security infrastructure using cloud-based video management solutions.

Genetec hosted two private roundtables with eight leading airports from across North America to gain insights and share best practices on the changes they’re experiencing. Read the conversation here.

Do you already have Genetec Security Center version 5.9? Upgrade to our Minor release, 5.9.3, and get access to several new features. Read our blog post to learn more!

Building safer, smarter cities isn’t an overnight process.Read this blog to find out more about how Genetec and Intel are working to help protect our everyday lives.

Looking for the best video analytics solution? Here is a list of five things you should keep in mind.

Read our blog post to find out more about how the City of New Orleans uses Genetec Security Center to spot illegal dumping and keep NOLA safe and clean.

Over 1800 higher education security professionals were surveyed to get a better idea of the obstacles they face in securing their buildings and properties. Learn how access control plays a major role.