MTI Research Program Asks if Transit is Ready for a Cyber Attack
The report found most transit agencies, which fall within this sector, do not have many of the basic policies or personnel in place to respond to a cyber incident.
The research team emphasizes that the Federal Transit Administration should require transit organizations to adopt and implement minimum cybersecurity standards prior to receiving federal funding.
TRE
New Mineta Transportation Institute (MTI) research assesses the readiness of agencies to understand, mitigate, and respond to the growing threat of cybersecurity. “Is the Transit Industry Prepared for the Cyber Revolution? Policy Recommendation to Enhance Surface Transit Cyber Preparedness” surveyed 90 transit agency technology leaders and found over 80% of agencies reported feeling prepared for a cybersecurity threat, yet only 60% have a cybersecurity program in place.
Despite the U.S. Department of Homeland Security designating the Transportation System Sector as one of 16 critical infrastructure sectors whose disruption would have a debilitating effect on our nation’s security, the report found most transit agencies, which fall within this sector, do not have many of the basic policies or personnel in place to respond to a cyber incident.
Other key findings include:
While 73% of respondents feel they have access to information to help implement a cybersecurity preparedness program, only 60% have a cybersecurity response plan in place, and 43% do not find their plan sufficient.
47% of agencies reported auditing their cybersecurity program at least once a year.
Over 50% of agencies do not keep a log for longer than a year — one of the most basic cybersecurity preparedness requirements.
36% do not have a cyber disaster recovery plan.
67% do not have a cyber crisis communications plan.
“Fortunately, there is an abundance of information and tools, such as the Transportation Systems Sector (TSS) Cybersecurity Framework Implementation Guidance and accompanying workbook, available to public transit agencies to support a cybersecurity program,” says the report’s Principal Investigator Scott Belcher. He goes on to describe how agencies that have become aware of the imminent threat have taken action to protect themselves from cyber attacks, including seeking technical leadership from outside the transit industry and contracting out the management of personally identifiable information (PII).
For most transit agencies, resources for cybersecurity will remain scarce and thus there needs to be a collaborative effort from the federal government, the industry, and agency leadership to establish, maintain, and refine cybersecurity programs. The research team emphasizes that the Federal Transit Administration should require transit organizations to adopt and implement minimum cybersecurity standards prior to receiving federal funding.
The team also recommends federal funds be allocated for the development of comprehensive cybersecurity preparedness plans and their implementation. Industry trade associations should continue to develop, refine, and improve existing cybersecurity guidance to enable transit agencies to adequately prepare for the inevitable cyber disruption and maintain a ready approach in the event of an attack.
More Security and Safety
WMATA Debuts 'Fares Pay for Service' Awareness Campaign
The campaign was highlighted during a media event at the Paul S. Sarbanes Transit Center in Silver Spring, where WMATA’s GM/CEO Randy Clarke joined Metro Transit Police officers, WMATA management team, board members, and staff to expand fare enforcement and customer education efforts on Metro Bus routes throughout the region.
Read More →
The Evolving Role of Program Management in Transit Delivery
Brian Buchanan, HDR’s transit program management lead, discusses how agencies can strengthen governance, anticipate risk and deliver large-scale projects more effectively.
Read More →
TTC Enhances Security Efforts With More Checks, Track Intrusion Focus
The actions, and more, are part of the new and enhanced measures outlined in the “Advancing Safety on the TTC: 2026 Focus Areas Plan” report, which is going to the TTC Board on June 3.
Read More →
SFRTA Partners on “Are You OK?” Mental Health Awareness Campaign
Supported by a $56,500 grant from the Federal Railroad Administration, the program will combine targeted public education campaigns with specialized training for SFRTA employees, contractors, and regional partners.
Read More →
Regional Task Force to Enhance Public Safety on Chicago-Area Transit
Participants include representatives from the CCSAO, the Chicago Police Department, CTA, the Cook County Sheriff’s Office, the U.S. Attorney’s Office, the FBI, the ATF, the DEA, Metra, and Pace.
Read More →
ABQ RIDE’s Transit Safety ‘Headed in the Right Direction’
See how the New Mexico agency’s quarterly report reaffirms its commitment to security and data transparency.
Read More →
Biz Briefs: King County Metro Taps Schunk Transit Systems for Charging and More
Stay informed with these quick takes on the projects and companies driving progress across the transportation landscape.
Read More →
Toronto Introduces Body Cameras for Select Station Staff to Enhance Security
The phased introduction of the cameras for station staff follows the successful rollout of the devices with TTC Special Constables and Provincial Offenses Officers in January 2025.
Read More →
NJ TRANSIT to Expand Cleanliness, Safety, and Accessibility Under New Action Plan
The plan includes investments in cleaner vehicles and upgraded stations, NJT LiveView to provide real-time GPS tracking of train and light rail service, enhanced safety initiatives through a new Real Time Crime Center, and the debut of a redesigned NJ TRANSIT mobile app.
Read More →
Assaults on Transit Workers Rise, Prompting Calls for Stronger Safety Measures
New research from MTI shows a sharp increase in attacks on public-facing transit employees, with North America accounting for a significant share and bus drivers among the most affected.
Read More →