Navigating Cybersecurity Risks in the Transportation Sector
By Katie Kraft, WTS-DC
September 2021
Operational cybersecurity is one of the greatest risks to the safety of our transportation infrastructure and our national security today. As we increase our interconnectivity and reliance on technology, our transportation systems are increasingly vulnerable to cyber-attacks that could disrupt the movement of people and goods, bringing with it national and homeland security risks. Transportation is one of the core 16 Critical Infrastructure sectors designated by the U.S. Department of Homeland Security (DHS) and is increasingly a focus by Congress and the administration to address cyber risks.
On September 15, WTS-DC tackled this important topic in a panel discussion with professionals leading cyber protection efforts in the Cybersecurity and Infrastructure Security Agency (CISA), the Transportation Security Administration (TSA), the Washington Metropolitan Area Transit Authority (WMATA), and the American Public Transportation Association (APTA).
Norma Krayem, Vice President and Chair, Cybersecurity, Privacy & Digital Innovation Practice Group, Van Scoyoc Associates (and former Deputy Chief of Staff at the U.S. Department of Transportation), moderated the conversation. Bob Kolasky, Director of the National Risk Management Center, CISA, Kyle N. Malo, Sr. Director, Cybersecurity & CISO, WMATA, Sonya Proctor, Associate Administrator for Surface Transportation, TSA, and Polly Hanson, Senior Director Security, Risk & Emergency Management, APTA, rounded out the panel.
Following an introduction and short discussion by each of the panelists, Krayem elicited the panelists’ views on a variety of topics, including supply chain security risks, the importance of security by design, the impact of recent security directives for the pipeline industry, and the need to establish cyber risk as an enterprise risk management concern for the transportation sector.
Panel members emphasized the need for buyers of transportation technologies to demand high-quality, trustworthy, secure software from vendors. They also discussed the need for transportation operators to think about all the places technology is hiding in a project or an asset that itself is not traditional hardware or software, like a train station or a rail car.
Using the pipeline industry as an example, the federal panelists highlighted the importance of sharing information about vulnerabilities, conducting self-assessments, and putting in place measures to mitigate identified vulnerabilities.
Attendees enjoyed a stimulating conversation, gained insight into the cyber challenges facing the transportation sector, and learned what steps the government and industry are taking to increase security and safety on transportation modes going forward.
WTS-DC is grateful to all the panelists for sharing their time and knowledge with the WTS-DC community. WTS-DC thanks in-kind program sponsors, Van Scoyoc Associates and Kimley-Horn, for their support of this program.
