As smart ticketing systems and technological solutions become more prevalent in the transportation industry, the issue of transportation systems’ cybersecurity becomes a greater concern.

Transportation Systems Cybersecurity is a Major Concern

In August 2019, Transport for London (TfL) was forced to temporarily close down the online facility for its Oyster card system due to a data breach that saw around 1,200 customer accounts compromised. In July 2019, New York City Metropolitan Transport Authority’s (MTA) subway system shut down six major rail lines across the city suddenly and without warning after a widespread server failure attributed to a “software bug.”

While smart ticketing systems are at risk through the same vulnerabilities which affect any online transaction facility, the security of transportation systems themselves is also a pressing issue. Without significant cybersecurity deployment, transportation systems equipped with Internet of Things (IoT) and Artificial Intelligence (AI) capabilities would be vulnerable to outside interference. While leaving users’ data at risk of hacking poses concerns over the threat of fraud and theft, potential hacks of the operating systems of transportation systems could lead to genuine risks to passengers’ safety.

Transportation Systems Cybersecurity Framework

Understanding that a “one size fits all” methodology for implementation of the NIST Cybersecurity Framework is impractical, the Transportation Security Administration, Department of Transportation, United States Coast Guard, and Transportation Systems Sector (TSS) stakeholders created an implementation guide of greatest relevance to the TSS.

The purpose of the TSS Cybersecurity Framework Implementation Guidance is to provide the Transportation Systems Sector with guidance, resource direction, and a directory of options that can assist a TSS organization in its efforts to adopt the NIST Framework. The implementation guidance may be used by organizations to accomplish the following:

  • Characterize their current and target cybersecurity posture.
  • Identify opportunities for evolving their existing cybersecurity risk management (Read more...)