Ensuring that the Transit Industry and Their Vendors are Aligned to Face the Increasing Cybersecurity Challenges. Recommendations for Quickly Identifying and Addressing Challenges

Cyber-attacks are inevitable. Fortunately, agencies and their vendor partners can take action to help protect themselves from attacks and to prepare for any breaches that do occur, thus ensuring the critical transportation systems of our nation continue running smoothly and safely. The U.S. Department of Homeland Security (DHS) designated the Transportation System Sector as one of 16 critical infrastructure sectors, whose disruption would have a debilitating effect on our nation’s security. And yet, ransomware, data breaches, business email compromise and other cyber threats are on the rise throughout the country. In parallel there is an enormous amount of data flowing among vehicles, systems and vendors employed throughout the public transit industry, making the transit industry especially vulnerable to cyber-attack. The intent of this study is to help public transit agencies understand the cybersecurity risks posed by the role some of their vendors play in their systems, and align the interests of the vendors with those of the agency to better understand, mitigate, and respond to cybersecurity threats. This study will review the state of best practices in supply chain cybersecurity among other industries; review the state of cybersecurity best practices in supply chain management among public transit agencies; outline modern cybersecurity operations among public transit vendors; further assess U.S. policy on cybersecurity in public transportation and potential changes from the new Administration and in response to SolarWinds; and provide operational recommendations for public transit operators and their supply chain of vendors to enhance their cyber risk management.

Language

• English

Project

• Status: Active
• Funding: $81548
• Contract Numbers:

  69A3551747127

• Sponsor Organizations:

  Office of the Assistant Secretary for Research and Technology

  University Transportation Centers Program
  Department of Transportation
  Washington, DC  United States  20590
• Managing Organizations:

  Office of the Assistant Secretary for Research and Technology

  University Transportation Centers Program
  Department of Transportation
  Washington, DC  United States  20590
• Performing Organizations:

  Mineta Consortium for Transportation Mobility

  San Jose State University
  San Jose, CA  United States  95112
• Principal Investigators:

  Belcher, Scott

• Start Date: 20210315
• Expected Completion Date: 20211231
• Actual Completion Date: 0
• USDOT Program: University Transportation Centers

Subject/Index Terms

• TRT Terms: Best practices; Computer security; Public transit; Recommendations; Risk management; Supply chain management; Transit operating agencies
• Subject Areas: Data and Information Technology; Public Transportation; Security and Emergencies;

Filing Info

• Accession Number: 01767041
• Record Type: Research project
• Source Agency: Mineta Consortium for Transportation Mobility
• Contract Numbers: 69A3551747127
• Files: UTC, RiP
• Created Date: Mar 16 2021 12:29PM