Transit is Entering a New Era With New Risks
When public transportation is your business, staying out of the news is a good thing.
Delays, faulty fare systems, or stolen customer data can result in public relations nightmares and loss of ridership.
When it comes to cybersecurity, it’s important to keep in mind that death and destruction aren’t always the goal of today’s threat actors.
For example, some may want to:
- Disrupt schedules to effectively hold a system for ransom
- Tamper with signals, causing trains to run in safety mode
- Manipulate the HVAC systems in vehicles or terminals
- Break into your HR or fare and revenue (security-sensitive) databases to steal confidential employee records or customer financial information
- Cause confusion by defacing your announcement boards, websites, or public address systems
The 4 Main Challenges That Transit Systems Face
Transit has four specific challenges in terms of cybersecurity:
- Customers’ appetite for digital offerings, such as schedule information and point-of-purchase fare options, is increasing every day. Passengers expect on-demand Internet access within transit hubs and on modes of transportation. Opportunities to access and breach systems may be vast.
- Geographically dispersed equipment and properties may be challenging to protect.
- Vendors, regulators, and passengers demand more inter-connected transit systems. More information is online and vulnerable to threat actors than ever before.
- Legacy systems within highly-regulated fields mean that out-of-the-box cybersecurity solutions may not address critical needs.
We Are the Public Transportation Cybersecurity Experts
Cybersecurity Analysis has long been a thought leader in cybersecurity risks in public transit. In fact, we helped draft APTA’s recommended practices for cybersecurity.
Unlike enterprise-only firms, Cybersecurity Analysis understands that your risks comprise both technical and process-related systems.
What you can expect from us:
- We have expertise in the systems that control equipment, communications, and signaling. We’ll use this knowledge to identify the “weak spots” where your processes and IT systems converge.
- We’ll work with your IT department and your signals and communications personnel to ensure that they’re working well together and to address the specific challenges inherent in your operations.
- We’ll provide training that will help your staff understand what is at stake and what their critical roles in cybersecurity are. That way, you can affect a cultural change that creates cybersecurity mindset that mirrors your enterprise’s safety culture.
What Does a Cybersecurity Risk Management Plan from Cybersecurity Analysis Include?
In terms of public transportation, we’ll address:
- Fare and revenue collection systems, so you can protect your customer’s information while keeping your payment processes running
- Dispatch systems
- Employee data
- Financial information
- Communications and control systems
- Vital/safety-critical systems
- Non-vital/operationally-critical systems
- Fire and life-safety systems
- Automated systems, with a specific focus on your internal security team’s understanding of how they function and what the risks are
- Products or services that may present attack pathways for hackers
- IT-level systems security
- Any other unusual exposures that your operation may have