State of the Industry: Rural Cybersecurity

  • Date: October 5, 2023

The National Center for Applied Transit Technology’s (N-CATT) goal is to improve and make more efficient small-urban, rural and tribal transit service by educating staff about technology and other improvements.

An effective cybersecurity plan when implemented protects from attacks that compromise transit agency staff and riders, as well as their system and daily operations. This fact sheet reviews four elements:

  1. The three types of cybersecurity hack most likely to occur
  2. Types of preventative activities
  3. Components of the plan
  4. Funding options

Preventative Activities

  1. Design a security system with a robust firewall. Include security measures like Two-Factor Authentication (2FA)
  2. Train Employees on Internet Security best- practices, do not assume knowledge
  3. Backup all organization data on a separate system
  4.  Have an incident response plan
  5. Self assessment of its system before and yearly after the plan is implemented. (Use available tools, ex. download CATT tool on FTA)

The three types of data breaches:

Hackers trying to penetrate a firewall. Their goal is to obtain identity info that can be monetized like Social Security Numbers, etc.

Ransomware attacks that take the whole system hostage. Their goal is to hold the system hostage for a monetary ransom

Malware and viruses uploaded for sabotage. Their goals are various, often a former disgruntled employee or customer.


  1. Speed is key. The faster the plan implements, the less likelihood for a breach
  2. Account for remote staff, this can impact communications
  3. Test the plan regularly and update accordingly
  4. The Point of Contact should be someone with capacity for a new function
  5. Communicating incidents to other agencies helps others avoid pitfalls

Components of an incident response plan:

Response Team

  1. Management
  2. IT
  3.  Legal
  4. Safety/Security
  5. External vendors (as relevant)


  1.  Point of Contact/Response Coordinator
  2.  Chief Information Officer


1. Isolate the impacted systems

2. Investigate the breach & determine the method to mitigate

3. Activate or inform other departments like federal authorities, management, external communications, legal, etc.

4. Track the resolute, document what occurred and when

5. Once resolved, establish lessons learned using a post-incident report

Additional Resources

  1. TSA Surface Transportation Toolkit
  2. American Public Transportation Association Securing Control and Communications Systems in Transit Environments
  3.  Cybersecurity & infrastructure Security Agency Awareness Program Law Enforcement Resources
  4. Cybersecurity & infrastructure Security Agency Ransomware Guide
  5. National Institute of Standards and Technology Security and Privacy Controls for Information Systems and Organizations.
  6. Go to Federal Transit Authority website to see information about eligible expenses under the Formula Grants for Rural Areas Program