In a new report by the Mineta Transportation Institute at San Jose State University in California, transit agencies need to place security and technical expertise at the in the ranks of management, often a chief information security officer (CISO).
“Many of the big agencies have created a CISO-like position, and have stepped up,” said Scott Belcher, a professor at San Jose State and one of the authors of the report. He added that transit agencies have access to funding streams from the Transportation Security Administration (TSA) to help harden systems against cyber attacks.
“Most agencies rely on their IT departments and assume that penetration testing is enough,” said Belcher. “It is an awkward dance.”
The report advises that transit agencies should be writing cybersecurity expectations into the request for proposals (RFP) they release when calling for technology solutions or upgrades. But also, elevate cybersecurity into an “enterprise risk management strategy,” where risk management is an integral part of all agency functions and operations.
Have more mobility news that we should be reading and sharing? Let us know! Reach out to Sage Kashner (kashner@ctaa.org).
Please confirm you want to block this member.
You will no longer be able to:
Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.