Other key findings include that, while 73% of respondents feel they have access to information to help implement a cybersecurity preparedness program, only 60% have a cybersecurity response plan in place and 43% do not find their plan sufficient.
While 47% of agencies reported auditing their cybersecurity program at least once a year, over half do not keep a log for longer than a year– one of the most basic cybersecurity preparedness requirements. Furthermore 36% do not have a cyber disaster recovery plan; and 67% do not have a cyber crisis communications plan.
The team also recommends federal funds be allocated for the development of comprehensive cybersecurity preparedness plans and their implementation. Industry trade associations should continue to develop, refine, and improve existing cybersecurity guidance to enable transit agencies to adequately prepare for the inevitable cyber disruption and maintain a ready approach in the event of an attack.