As transportation infrastructure continues to expand from isolated nodes to large interconnected networks, cybersecurity is a critical concern for transit agencies. This report provides recommendations and suggested policies for transit agencies that may help reduce cybersecurity liabilities. The recommendations are informed by a literature review of existing vulnerabilities, a survey of Florida transit agencies, a taxonomy of transit technologies, outcomes of cybersecurity working groups and workshops, and hands-on analyses of several technologies, all of which were conducted as part of this project. Existing vulnerabilities were discovered in literature for connected vehicles, autonomous vehicles, electronic ticketing systems, traffic signal controllers, traffic signal priority, and dynamic message signs. Survey participants ranked employee training as the biggest challenge to implementing good cybersecurity practices. The taxonomy of transit technologies was based on five dimensions: extent of deployment in Florida, mode of transportation, functionality, responsible organizations, and liabilities. The report also includes the results of the cybersecurity working group meetings and workshops held during the project and provides a detailed analysis of a vulnerability discovered in a Florida mobile fare payment application by the research team. Important areas of future work include further examining mobile fare payment apps, onboard Wi-Fi, and traffic controller equipment, as well as adding cybersecurity components to the existing management plan processes currently established for safety and security in Florida.
FTSON
Florida Transit Safety and Operations Network
