USA Flag

Official website of the Department of Homeland Security

Transportation Security Administration

Surface Transportation Cybersecurity Toolkit

Surface Transportation Cybersecurity Toolkit posterThe Surface Transportation Cybersecurity Resource toolkit is a collection of documents designed to provide cyber risk management information to surface transportation operators who have fewer than 1,000 employees. The materials are drawn from three primary sources:

  • National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity: A voluntary framework for reducing cyber risks in critical infrastructure. Read about the framework.
  • Stop.Think.Connect: A national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Learn more about this campaign or email your inquiry.
  • United States Computer Emergency Readiness Team: Responsible for improving the nation’s cybersecurity posture, coordinating cyber information sharing and managing cyber risks. Learn more and get the latest news about US-CERT.

Cybersecurity threats are real, and they can have real consequences for an organization’s operations and profitability. Exercising cybersecurity best practices help protect from potential damaging cyber-attacks.

Contact US-CERT to report a cyber incident, email the details or call (888) 282-0870.

For questions or to request the full printed version of this toolkit, email your inquiry. Preview the table of contents and order your copy today!

Cybersecurity Resources

The following list of cybersecurity resources are available to the public at no cost.

American Public Transportation Association Cybersecurity Considerations for Public Transit

This recommended practice establishes considerations for public transit chief information officers interested in developing cybersecurity strategies for their organizations. It details practices and standards that address vulnerability assessment and mitigation, system resiliency and redundancy, and disaster recovery. Read the cybersecurity considerations.

American Public Transportation Association Securing Control and Communications Systems in Transit Environments

  • Part I: Elements, Organization and Risk Assessment/Management: Addresses the importance of control and communications security to a transit agency, provides a survey of the various systems that constitute typical transit control and communication systems, identifies the steps that an agency would follow to set up a successful program, and establishes the stages in conducting a risk assessment and managing risk. Read part I of the recommended practice document.
  • Part II: Defining a Security Zone Architecture for Rail Transit and Protecting Critical Zones: Presents Defense-In-Depth as a recommended approach for securing rail communications and control systems, defines security zone classifications, and defines a minimum set of security controls for the most critical zones. Read part II of the recommended practice document.
  • Part III: Attack Modeling Security Analysis White Paper: Covers the attack modeling procedure for transit agencies and their systems integrators and vendors. Read the part three of the recommended practice document.

Critical Infrastructure Cyber Community Voluntary Program

Critical Infrastructure Cyber Community Voluntary Program Kit

Cyber Resilience Review Program

The Cyber Security Evaluation program conducts a no-cost, voluntary, non-technical assessment to evaluate operational resilience and cybersecurity capabilities within critical infrastructure and key resources sectors, as well as state, local, tribal, and territorial governments through its Cyber Resilience Review process. Visit the program page to download assessment materials or e-mail your inquiry.

Cyber Risk Management Primer for CEOs

Provides key cyber risk management concepts that business leaders should consider to protect their organization’s systems from cyber threats. Read the Primer for CEOs.

Industrial Control Systems Cybersecurity for the C-Level

Provides a tool to help facilitate the communication of strong, basic cybersecurity principles to organizational leadership. Read the factsheet.

Law Enforcement Cybersecurity Resources

Pipeline Security Guidelines

Provides security measures for cyber assets and a list of cybersecurity planning and implementation guidance resources. Read the guidelines.

Public Transportation Information Sharing and Analysis Center

The center collects, analyzes, and disseminates alerts and incident reports, as well as sector-specific intelligence products, and helps the government understand sector impacts. To request access to this free service, please email your inquiry.

The Critical Infrastructure Cyber Community Voluntary Program

Supports critical infrastructure owners and operators interested in improving their cyber risk management processes and cyber resilience. Learn more about the program.

Transportation System Sector Cyber Working Group

This TSA sponsored public/private joint working group that provides a forum for implementing and facilitating national policies, programs, modal outreach, awareness, and information sharing. The group meets monthly and also publishes a weekly newsletter. To be invited, email your request.

Transportation Systems Sector Cybersecurity Framework Implementation Guidance