Aligning the Transit Industry and Their Vendors in the Face of Increasing Cyber Risk
Public transit agencies in the United States depend on external vendors to help deliver and maintain many essential services and to provide critical technologies, from ticket purchases to scheduling to email management. While the integration of new,
advanced technologies into the public transit industry brings important advancements to U.S. critical transportation infrastructure, the application of digital technologies also brings with it a new assortment of digital risks. Transit agencies all sizes are finding themselves subject to cyber incidents—most notably ransomware attacks—like those experienced by larger, more prominent companies and critical infrastructure providers. The findings in this San Jose State University report focus on helping all parties involved improve in three key areas: cyber literacy and procurement practices, the lifecycle of technology vis-à-vis transit hardware, and the importance of embracing risk as a road to resiliency.