Recommended Practice

Managing Cloud Vendor Risk

Abstract

This recommended practice establishes considerations for public transit chief executive officers, chief information officers and procurement executives who are responsible for managing cloud vendor risk in their organizations. It details practices and standards that address the management of cloud vendor risk.

Document History
Document Number: APTA SS-ECS-RP-006-25
Version: Original
Publication Date: 05/27/25
Publication: Published
Related Information: Current

Keywords

advanced persistent attacks, cyber, cybersecurity assessments, cyber assets, disaster recovery, enterprise cybersecurity, fallback, information security (INFOSEC), information and communication technology (ICT), information security, intrusion detection, redundancy, resiliency, secure cloud, software as a service (SaaS), system penetration

Summary

Managing cloud vendor risk is a growing concern for public transit managers as control and management systems increasingly depend on a variety of cloud services. These systems are vulnerable to increasingly sophisticated direct and indirect cyberattacks. The typical transit information technology infrastructure comprises a complex and interconnected series of components, subcomponents and services, and this complexity increases the exposure of these systems to threats. Given these increasing risks, the transit industry and its technology managers must take proper steps to ensure the security of their cloud services. A cloud vendor risk program should include vulnerability assessment and mitigation, system resiliency and redundancy, and disaster recovery.
