The Illinois Department of Transportation (IDOT) partnered with Cybrbase, a transportation infrastructure cybersecurity firm, to pilot a group-based cybersecurity vulnerability assessment across six small and mid-sized rural transit agencies. 

The initiative aims to tackle growing cybersecurity threats by providing cost-effective, collaborative solutions for systems often overlooked due to limited budgets and staffing.

Participating agencies include Decatur Public Transit System, Piatt County Public Transportation, QC Metrolink, Reagan Mass Transit, and Warren County Public Transportation. 

The IDOT Cybersecurity Pilot

The pilot is one of the first of its kind to promote cybersecurity for rural transit systems, which are increasingly vulnerable to attacks but often lack the resources for comprehensive protection.

“As a transportation leader, Illinois DOT is closely watched by agencies across the country,” said Scott Belcher, sr. advisor at Cybrbase. “This initiative is intended to close the cybersecurity gap among local transit operators.”

Cybrbase’s approach blends individual confidentiality with group collaboration. Each agency conducts its cybersecurity assessment using a proprietary, AI-powered platform based on the NIST Cyber Resilience Review (CRR). 

The tool simplifies the discovery of vulnerabilities and helps agencies design mitigation strategies tailored to their specific resources and risk tolerance, Cybrbase officials said.

Officials said the group model also fosters peer learning and shared best practices, leveraging the non-competitive nature of public transit to build collective resilience without exposing individual agencies' data.

Addressing a National Risk

The pilot follows a recent study by the Mineta Transportation Institute that found significant cybersecurity gaps across the transit industry, particularly among rural and small agencies. 

The report found that the systems are often burdened with outdated technologies and limited IT support, making them prime targets for cyberattacks that could disrupt transportation services and compromise public safety.

By demonstrating how state agencies can help local transit systems bolster cybersecurity affordably, officials hope the IDOT-Cybrbase pilot may serve as a replicable model for other states, risk pools, and transit networks nationwide.

Cybrbase officials added that the program’s success could redefine how cybersecurity is approached at the local transit level, shifting the narrative from reaction to resilient, preventive action.