Recommended Practice

Cybersecurity Considerations for Public Transit


This recommended practice establishes considerations for public transit chief information officers interested in developing cybersecurity strategies for their organizations. It details practices and standards that address vulnerability assessment and mitigation, system resilience and redundancy, and disaster recovery.

Document History
Document Number Version Publication Date Publication Related Information
APTA SS-ECS-RP-001-14 Rev. 1 07/29/2022 Published Current
APTA SS-ECS-RP-001-14 10/17/2014 Published Superseded


advanced persistent attacks, cyber, cyber-assets, cybersecurity assessments, disaster recovery, enterprise cybersecurity, fallback, information security (INFOSEC), information and communication technology (ICT), information security, intrusion detection, redundancy, resilience, secure cloud, system penetration.


Cybersecurity is a growing concern for public transit managers, as control and management systems become increasingly dependent on information technology. These systems are vulnerable to increasingly sophisticated direct and indirect cyberattacks. The typical transit-based IT infrastructure comprises complex and interconnected components, subcomponents, and services. This complexity increases the exposure of these systems to threats. Given these increasing risks, the transit industry and its technology managers must take proper steps to ensure the security of their cybersystems. Working remotely has increased the risk of compromising electronic security perimeters. Transit organizations must prioritize cybersecurity control implementation and ongoing operations management.

​Get Involved

Want to participate in the development of this document? Join the Working Group or Learn More

Related Documents

​ ​​

Print Friendly, PDF & Email