State transportation agencies, like other complex public and private organizations, increasingly rely on information technology (IT) systems and operational technology (OT) assets to fulfill their public mission. In addition to the use of IT for administrative functions, the real-time use of technology to operate and manage transportation facilities and services presents particularly acute challenges.
Recent cyber incidents within public agencies highlighted the challenges transportation agencies face with such threats. Significant emphasis has been given to the protection of IT systems against such threats but less is devoted to the risks to OT and equipment and protecting transportation business operations. State transportation agency leadership need more information to explain how the agencies can prevent such incidents, what to do when they occur, and how to recover. This research focuses on state transportation agencies’ unique cybersecurity challenges, in particular OT, and provides direction on cyber-incident management.
This research aimed to (1) identify what executives and senior managers at state transportation agencies need to know about managing the confluence of transportation OT and IT cybersecurity risks, (2) classify transportation functions, services, and assets that may be targets of cyberattacks and cyber incidents, and (3) develop an easy-to-use guide for state transportation agency executives and senior managers that will help assess, classify, and respond to transportation systems cybersecurity risks.