Transit agencies ‘ill prepared’ for cyberattack: survey

Transit agencies in the United States are “ill prepared” for a cyberattack and are not doing enough to address the cybersecurity challenges they face, according to new research from the Mineta Transportation Institute (MTI) at San Jose State University…

The report notes that San Francisco’s Bay Area Rapid Transit (BART) system was breached in 2017 when it installed more than 1,000 pieces of hardware that turned out to be spyware. And Scott Belcher, principal investigator on the report and an MTI research associate, noted in an interview that the Southeastern Pennsylvania Transportation Authority (SEPTA) in Philadelphia recently suffered an attack that resulted in disrupted communications, including with riders.

Many agencies struggle with financial deficits that have been exacerbated by the coronavirus pandemic (COVID-19). Belcher said a lack of funding means transit systems typically only invest in cybersecurity after an attack, rather than preemptively, or rely on a visionary leader to push a strategy forward.