MTI Research Program Asks if Transit is Ready for a Cyber Attack

The report found most transit agencies, which fall within this sector, do not have many of the basic policies or personnel in place to respond to a cyber incident.

by METRO Staff

October 7, 2020

MTI Research Program Asks if Transit is Ready for a Cyber Attack — The research team emphasizes that the Federal Transit Administration should require transit organizations to adopt and implement minimum cybersecurity standards prior to receiving federal funding.
Credit:
TRE

2 min to read

New Mineta Transportation Institute (MTI) research assesses the readiness of agencies to understand, mitigate, and respond to the growing threat of cybersecurity. “Is the Transit Industry Prepared for the Cyber Revolution? Policy Recommendation to Enhance Surface Transit Cyber Preparedness” surveyed 90 transit agency technology leaders and found over 80% of agencies reported feeling prepared for a cybersecurity threat, yet only 60% have a cybersecurity program in place.

Despite the U.S. Department of Homeland Security designating the Transportation System Sector as one of 16 critical infrastructure sectors whose disruption would have a debilitating effect on our nation’s security, the report found most transit agencies, which fall within this sector, do not have many of the basic policies or personnel in place to respond to a cyber incident.

Other key findings include:

While 73% of respondents feel they have access to information to help implement a cybersecurity preparedness program, only 60% have a cybersecurity response plan in place, and 43% do not find their plan sufficient.
47% of agencies reported auditing their cybersecurity program at least once a year.
Over 50% of agencies do not keep a log for longer than a year — one of the most basic cybersecurity preparedness requirements.
36% do not have a cyber disaster recovery plan.
67% do not have a cyber crisis communications plan.

“Fortunately, there is an abundance of information and tools, such as the Transportation Systems Sector (TSS) Cybersecurity Framework Implementation Guidance and accompanying workbook, available to public transit agencies to support a cybersecurity program,” says the report’s Principal Investigator Scott Belcher. He goes on to describe how agencies that have become aware of the imminent threat have taken action to protect themselves from cyber attacks, including seeking technical leadership from outside the transit industry and contracting out the management of personally identifiable information (PII).

For most transit agencies, resources for cybersecurity will remain scarce and thus there needs to be a collaborative effort from the federal government, the industry, and agency leadership to establish, maintain, and refine cybersecurity programs. The research team emphasizes that the Federal Transit Administration should require transit organizations to adopt and implement minimum cybersecurity standards prior to receiving federal funding.

The team also recommends federal funds be allocated for the development of comprehensive cybersecurity preparedness plans and their implementation. Industry trade associations should continue to develop, refine, and improve existing cybersecurity guidance to enable transit agencies to adequately prepare for the inevitable cyber disruption and maintain a ready approach in the event of an attack.

Topics:Mineta Transportation Institute cybersecurity safety Department of Homeland Security FTA Bus Rail Technology Security and Safety

More Security and Safety

2026 Disaster Response Guide Call for Experts is Open.

Safety•by Staff•February 9, 2026

Disaster Readiness Starts Before the Storm [Call for Experts]

The 2026 Disaster Response Guide is officially underway, and we’re now opening a Call for Insights and Experts.

A Société de transport de Montréal articulating public transit bus.

Security and Safety•by Staff•February 4, 2026

Montreal’s STM Expands Text Message Safety Reporting to Bus Network

The agency opens its text message safety reporting system to buses, enabling discreet, non-urgent reports across Montreal’s entire transit network.

A graphic with an image of the CATS Blue Line and text reading "FTA Cites 18 Safety Violations at CATS Following Federal Audit."

Security and Safety•by Staff•February 3, 2026

Federal Transit Administration Cites 18 Safety Violations at CATS Following Audit

The audit found multiple safety compliance failures at the Charlotte agency, citing elevated assault risks and ordering corrective action within 30 days.

Security and Safety•by Staff•January 22, 2026

Researchers Identify Top Risk Factors for Pedestrian-vehicle Crashes at Massachusetts Bus Stops

While their comprehensive analysis of bus stops focused on Massachusetts, the researchers are excited about the generalizability of the findings and application to other locations.

Technology•by Staff•January 16, 2026

CTA Innovation Studio Expands Pilot to Reduce Smoke, Odors

The new filters include substantially more activated carbon than traditional HVAC filters, which is especially helpful in providing a better transit riding experience for vulnerable populations, particularly children, seniors, and people with chronic illnesses, according to the CTA.

Security and Safety•by Staff•January 16, 2026

Milwaukee Rolls Out New Measures to Enhance Bus Safety

MCTS officials said the new pilots are part of a broader commitment to improving the rider experience through proactive, visible safety strategies that balance enforcement with customer support.

Transit signal priority and public transit agencies.

New Mobility•by Alex Roman•January 16, 2026

How AI is Redefining Transit Operations and Signal Priority

In a recent episode of METROspectives, LYT CEO Timothy Menard discusses how artificial intelligence, cloud connectivity, and real-time data are transforming traffic management, boosting bus reliability, and enabling system-wide transit optimization across cities.

Security and Safety•by Staff•January 15, 2026

Metro Magazine