U.S. transit agencies face an evolving threat to infrastructure and digital systems not seen since 9/11. The growth of interconnected systems and linked safety mechanisms creates a growing threat vector that can undermine financial stability and take lives. A successful attack on most agencies will also yield cascading consequences magnifying the outage across a region.
Even with the U.S. Government’s focus on critical infrastructure protection, the cyber vision of executive leadership will define transit organization’s capacity to continuously reduce cyber risks. A systematic and strategic agency-level approach to cybersecurity engagement must become a resident and remain a significant transit leadership priority. The recent successful attacks on organizations that had the financial resources to forge the best cyber planning and mitigation practices, identify a real threat to all transit systems.
Hackers Getting Stronger
Attacks to critical infrastructure multiply and increase in complexity, richer, more sustainable methodology will become vital to the protection of safe and secure transportation systems. The lack of systematic approaches to unearthing vulnerabilities and mitigating the threats will allow hackers multifaceted opportunities to defeat stagnate security strategies.
Successful defense-in-depth strategies demands cybersecurity is a core function of transit system management. Organization must seek out unseen vulnerabilities to manage them accordingly. A growing cadre of skilled hackers makes this an imperative. Likely attackers will enlist artificial intelligence strategies and use known vulnerabilities in equipment, as well as, immature process to gain unauthorized access.
Risk Management Requires Risk Assessment
Just as leaders understand financial uncertainty and plan to navigate financial risks, they must develop visibility mechanism to understand what they don’t know. Effective security strategies interrupt a hacker’s ability to fully exercise vulnerabilities. This starts with a systemwide expectation of cybersecurity excellence that incorporating the proper tools, processes and training. Researchers at IBM advise the average worldwide cost of a data breach is $3.92 million. This cost includes discovery, notification, response and business loss. It does not include the long-term loss of rider associated with the event if safety systems were breached. Clearly, better cyber preparedness has a higher value proposition.
Max Cybersecurity is working with transit agencies and autonomous vehicle companies to minimize risk. Under CEO and former Department of Homeland security Cybersecurity Director Mike Echols, transportation organizations are building a culture of cybersecurity.