USA Banner

Official US Government Icon

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure Site Icon

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Site Notification

Site Notification

U.S. Department of Transportation U.S. Department of Transportation Icon United States Department of Transportation United States Department of Transportation

Cybersecurity Resources for Transit Agencies

Overview

FTA provides financial support for some grant recipients’ cybersecurity activities and supports the U.S. Department of Homeland Security (DHS) in promoting enhanced security for transit agencies.  Additionally, as a condition of federal assistance, under 49 U.S.C. 5323(v), rail transit operators must certify that they have a process to develop, maintain, and execute a plan for identifying and reducing cybersecurity risks. 

FTA has aggregated cybersecurity resources below to support transit agencies as they prepare for, mitigate, and respond to cybersecurity issues. The resources on this page are presented for informational purposes only.  

CISA Alert

In January 2022, the Cybersecurity & Infrastructure Security Agency (CISA) issued a “Shields-Up” message to U.S. organizations. Cyber-attacks could potentially target communications and navigation systems, power grids, and various elements of the transportation sector to disrupt the nation’s ability to command and control operations.

The National Cyber Awareness System (NCAS) alerts provide timely information about current security issues, vulnerabilities, and exploits. Sign up to receive these technical alerts in your inbox or subscribe to our RSS feed.

Funding Opportunities

FTA

Some FTA grant programs can support cybersecurity activities, including FTA’s Urbanized Area Formula Program, the Formula Grants for Rural Areas Program), and State of Good Repair Program). 

Costs related to cybersecurity that may be eligible for Federal reimbursement include:

  • Staff salaries for personnel involved with security, contracts for security services, and other operating activities intended to increase the security of an existing or planned public transportation system.
  • Capital costs to support equipment including computer hardware and software to address cybersecurity. 
  • The Urbanized Area Formula Program (49 U.S.C. 5307) makes Federal resources available to urbanized areas and governors for transit capital and operating assistance and for transportation-related planning in urbanized areas. A recipient must spend at least 1 percent of its 5307 funds on security projects, unless it determines this is not necessary. 

DHS

The DHS Transit Security Grant Program provides competitive grants to transit agencies for security-related projects.

Cybersecurity Preparedness and Reporting Incidents, Phishing, Malware or Vulnerabilities

NIST Cybersecurity Framework

The voluntary NIST Cybersecurity Framework provides standards, guidelines and best practices to manage cybersecurity risk. It focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.

TSA Surface Transportation Cybersecurity Toolkit

The Surface Transportation Cybersecurity Resource Toolkit is a collection of documents designed to provide cyber risk management information to surface transportation operators with fewer than 1,000 employees.

TSA Security Directive and Information Circulars

TSA issued Security Directive 1582-21-01, “Enhancing Public Transportation and Passenger Railroad Cybersecurity” on December 31, 2021, The Security Directive, which applies to all public passenger rail owners and operators identified in 49 CFR 1582.101, requires four critical actions:

  • Designate a cybersecurity coordinator who is required to be available to TSA and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) at all times (all hours/all days) to coordinate implementation of cybersecurity practices, and manage of security incidents, and serve as a principal point of contact with TSA and CISA for cybersecurity-related matters;
  • Report cybersecurity incidents to CISA;
  • Develop a Cybersecurity Incident Response Plan to reduce the risk of operational disruption should their Information and/or operational technology systems be affected by a cybersecurity incident; and
  • Conduct a cybersecurity vulnerability assessment using the form provided by TSA and submit the form to TSA. The vulnerability assessment will include an assessment of current practices and activities to address cyber risks to information and operational technology systems, identify gaps in current cybersecurity measures, and identify remediation measures and a plan for the owner/operator to implement the remediation measures to address any vulnerabilities and gaps.

TSA issued IC-2021-01, “Enhancing Surface Transportation Cybersecurity”, dated December 31, 2021, which applies to each passenger railroad, public transportation agency, or rail transit system owner/operator identified in 49 CFR 1582.1. This circular provides the same four recommendations for enhancing cybersecurity practices listed above.  While this document is guidance and does not impose any mandatory requirements, TSA strongly recommends the adoption of the measures set forth in the circular.

CISA Cybersecurity Reporting

CISA provides secure means for constituents and partners to report incidents, phishing attempts, malware and vulnerabilities. Federal incident notification guidelines, including definitions and reporting timeframes, can be found at http://www.us-cert.gov/incident-notification-guidelines. To submit a report, please select the appropriate method from below:

Incident Reporting Form: report incidents as defined by NIST Special Publication 800-61 Rev 2, to include:

  • Attempts to gain unauthorized access to a system or its data,
  • Unwanted disruption or denial of service, or
  • Abuse or misuse of a system or data in violation of policy.

Share indicators and defensive measures: submit cyber threat indicators and defensive measures with DHS and the Federal Government (including sharing under the Cybersecurity Information Sharing Act of 2015).

Report phishing: an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques, typically via emails containing links to fraudulent websites.

Report malware: malicious code (e.g., viruses, worms, bots) that disrupts service, steals sensitive information, gains access to private computer systems, etc.

Training

TSA 5N5 Cybersecurity Workshop Series

These workshops provide awareness of federal cybersecurity support programs and the many resources available to transportation owners and operators to learn about Department of Homeland Security resources and programs available to them, as well as non-technical policy or procedural actions that can enhance their company or agency’s cybersecurity. It focuses on transit, passenger rail, trucking, over-the-road buses, school buses, freight rail and pipeline modes of transportation. 

Federal Virtual Training Environment

The Federal Virtual Training Environment (FedVTE) provides free online cybersecurity training for all proficiency levels containing more than 800 hours of training on topics such as ethical hacking and surveillance, risk management, and malware analysis, as well as certification prep courses for certified information security managers and certified information systems security professionals. 

Resources

NIST

DHS CISA

TSA