The increasing threat of cybersecurity attacks has led to a strengthening of information security programs across all industries. The transit industry is no different, but the cyber hygiene of the technology supply chain remains a soft underbelly of many security programs.
The U.S. Department of Homeland Security has identified the transportation industry as one of 16 critical infrastructure sectors whose assets, systems, or networks are so vital to the country that their incapacitation would prove debilitating to the nation’s security, economy, or public health and safety. As the world grows ever more connected, the risk of bad actors initiating a cyber attack on critical infrastructure like transit becomes an inherently larger threat. The FBI's Internet Crime Complaint Center reported a 62 percent increase in ransomware complaints in the first six months of 2021 compared to the same time frame in 2020. Some of the most notable ransomware attacks in recent years have involved large and small public transit agencies.
Despite the alarming headlines and words of warning from multiple government agencies, a recent Mineta Transportation Institute report found that despite over 80% of agencies feeling prepared for a cybersecurity threat, only 60% had a program in place to mitigate such threats. However, there are a growing number of resources to help agencies establish the appropriate cybersecurity infrastructure and develop a game plan for vetting the vendors and third parties. For example, some FTA grant programs can be utilized to develop cybersecurity programs, including FTA’s Urbanized Area Formula Program, the Formula Grants for Rural Areas Program, and the State of Good Repair Program.
The RFP process provides an opportunity for a transit agency to dictate information security expectations to their potential technology vendors. Yet, it is a process often used with varying degrees of success. Some RFP specifications provide little to no mention of cybersecurity, some specifications contain boilerplate language that often does not apply to the system being procured. Further, some specifications over-prescribe security requirements, resulting in costly and time-consuming project development and deployment schedules.
Learn More from Cybersecurity Experts at CONNECT2022
Looking to learn more about how your agency can get ahead of potential cyber-attacks and better evaluate the cybersecurity hygiene of potential vendors and ITS providers? Join us at CONNECT2022 for a Peer Spotlight session titled “Is your agency prepared for a cyber-attack? You may not be as prepared as you think.” Christos Karanicolas, Senior Vice President of Engineering at Clever Devices, will be joined by a panel of transit agency professionals with firsthand experience navigating a cybersecurity event.
Christos Karanicolas has served in various engineering roles developing technology for the public transit (ITS), Department of Defense, and secure file transfer industries.
Christos currently serves as Senior Vice President of Engineering for Clever Devices, the leading ITS provider in North America. Christos has been with Clever Devices since 2005, where he led the development of the company’s RPTI and CAD/AVL product lines currently deployed at some of the largest transit agencies across North America. Christos has served in his current role as SVP of Engineering since 2015, where he heads all engineering activities related to Clever Devices’ CAD/AVL, RTPI, Business Intelligence, Depot Management, and Onboard/Embedded product lines.
Christos has also recently led the formalization of Clever Devices’ engineering and corporate Cybersecurity program. Through this experience, Christos has gained a deep understanding of the challenges faced by corporations and the public transit industry in implementing sound security processes and procedures.
Register today for CONNECT2022 in Austin, TX! This year we're introducing content tracks for specific interest areas, including IT and Technology. Explore our interactive schedule to learn more about the sessions that interest you and your team.