All-time high levels of funding are now available to restore and modernize our nation’s transportation infrastructure and advance the state of public transit in America. Likewise, as the recovery from the worldwide pandemic continues to slowly come into focus, now is the time for public transit agencies to take advantage of this window of opportunity to position themselves for the future. Cybersecurity and cloud-based solutions should be at the top of every agency’s investment priorities to ensure their ITS infrastructure is ready for the future. Below are some key questions that executive directors and agency leadership should be asking to make sure they prioritize their investments wisely.
1. Why should my organization worry about information security?
There is a common statistic cited from recent studies that states a cyberattack occurs every 39 seconds. Cybercrime is estimated to reach costs in the trillions within the next few years unless we start implementing strong countermeasures now. Cybersecurity is a cornerstone of our national security policy and APTA continues to take a leadership position to advance this cause. The latest round of federal funding for transportation has made the implementation of cybersecurity not only a focus, but a requirement. Agencies will be held accountable and audited to demonstrate the steps they are taking to address this challenge.
2. What if we don’t have the staffing levels or expertise to address cybersecurity?
The FTA and APTA have built a valuable library of information and toolkits to help provide a roadmap for success. Agencies will not be able to do this alone and the only path to success is a coordinated effort between agencies, funding partners, stakeholders and technology providers.
Avail is unique as a technology provider in that we serve all three layers of the transportation information ecosystem – operational systems, enterprise information systems and subscribed systems. Therefore, Avail has made security a top priority.
3. What should an agency expect from technology providers and what should providers expect from agencies to implement a successful approach to cybersecurity?
There are clearly established pillars of cybersecurity, and technology provider’s products and services make up a large percentage of the IT infrastructure and facilities piece of the puzzle.
Thus, agencies should expect their technology providers to have an articulated strategy around security and documented Information Security (INFOSEC) policy. Likewise, agencies need to be responsible for the operations and people pieces and provide strong governance that starts at the top. Any chain is only as strong as its weakest link, and this is especially true when it comes to security. The best path to success is agencies and technology providers working together to implement a unified strategy.
4. What are some examples of how Avail is innovating to be at the forefront of cybersecurity and help agencies?
As a technology partner, not just a provider, Avail is taking a holistic approach to security. This approach is guided by a cybersecurity committee and INFOSEC policy to secure our entire range of products and services. Our entire back-office suite of Enterprise Transit Management software is cloud based to enable agencies to migrate away from reliance of on-premise servers and hardware. We are also now offering an upgrade to SOCII compliance with enhanced intrusion detection, security logging retention and audit reports available to support agency regulation compliance, as well as increased limits on cyber insurance. An agencies’ vehicle fleet includes an extensive technology stack that is connected to the cloud and thus vulnerable to cyber-attack. Avail has solutions here as well for agencies, and we can provide enhanced onboard equipment and mobile gateway routers with private networks, virtual tunnels, over-the-air updates and other protection mechanisms to ensure the security of all of your rolling stock and the safety of your passengers and drivers. These are just some examples to illustrate our holistic approach to security.
5. Any closing thoughts for agencies as they work on their strategic plans and investment strategies?
If you haven’t started developing your agency security strategy and creating a documented INFOSEC policy, you need to start now. Regardless of who your technology providers are, you should be offering them a seat at the table to help be part of the solution and you should expect that they have solutions and strategies to help. There is funding available to help agencies invest in cybersecurity but they need to be cautious and look for more than shovel-readiness. At Avail, we have taken a holistic approach to security and our goal is to offer solutions that are shovel-worthy to ensure the success and security of our agency partners and those they serve.
-------------
Rick Spangler is Chief Technology Officer for Avail Technologies, Inc.
