Skip to Content

APTA SS-ECS-WP-007-26

Cybersecurity Considerations for Systems Safety and Security Professionals

Abstract

This white paper shares considerations for public transit safety and security personnel regarding the inclusion of cybersecurity threats and risks in their hazard analysis and threat assessment processes. Further, the document provides guidance on how and when an agency’s primary cybersecurity coordinator should be involved in the assessment process and/or in incident response/investigation. The document is composed of guidance from various industry sources including but not limited to the APTA Operational Technology Cybersecurity Maturity Framework (OT-CMF), APTA’s recommended practice “Safety and Security Certification” (APTA SS-ISS-RP-008-24), other applicable APTA recommended practices, the National Institute of Standards and Technology (NIST) Special Publications 800-30 and 800-82, NIST Cybersecurity Framework, and other industry best practices to support efforts associated with risk assessment, mitigation strategies, system resiliency and redundancy, and incident management.

Keywords: cyber, cyber assets, cybersecurity assessments, disaster recovery, hazard analysis, operational technology (OT), redundancy, resiliency, safety

Summary

To drive system efficiencies, improve customer experience and support enhanced use of transit infrastructure, public transportation is becoming increasingly connected. The operational technologies systems of the past, which had been relatively isolated, are increasingly being connected to agency networks for a variety of reasons. Not least of these are greater operational efficiencies and customer visibility in fleet operations. Despite the benefits, this connectivity increases risks to operations, which agencies must understand prior to allowing for communication between security zones. Each additional pathway of communication results in an increase in the potential attack surface of OT. This contributes to increased risks to OT systems in public transportation, with the potential to impact the safety and security of agency employees and the traveling public. Further, disruptions of the operations of these systems and the resources they support could have potentially cascading effects on the societies that depend on them. Given these factors, cybersecurity is a vital component in ensuring system safety.

Document History

Document Number Version Publication Date Publication Related Information
APTA SS-ECS-WP-007-26 Original 03/23/2026 Published Current

Get Involved

Want to participate in the development of this document? Join a Working Group or Learn More