Recommended Practice

Cybersecurity Considerations for Public Transit


This Recommended Practice establishes considerations for public transit chief information officers (CIOs) interested in developing cybersecurity strategies for their organizations. It details practices and standards that address vulnerability assessment and mitigation, system resiliency and redundancy, and disaster

Document History
Document Number Version Publication Date Publication Related Information
APTA SS-ECS-RP-001-14 10/17/2014 Published Current


advanced persistent attacks, cyber, cybersecurity assessments, cyberassets, disaster recovery, enterprise cybersecurity, fallback, information security (INFOSEC), information and communication technology (ICT), information security, intrusion detection, redundancy, resiliency, secure cloud, system


 Cybersecurity is a growing concern for public transit managers, as control and management systems become increasingly dependent on information technology. These systems are vulnerable to increasingly sophisticated direct and indirect cyberattacks. The typical transit-based IT infrastructure is
comprised of a complex and interconnected series of components, subcomponents and services. This complexity increases the exposure of these systems to threats. Given these increasing risks, the transit industry and its technology managers must take proper steps to ensure the security of their cybersystems.

​Get Involved

Want to participate in development of this document? Join the Working Group or Learn More

Related Documents

​ ​​

Print Friendly, PDF & Email