The North America Transportation Cybersecurity Consortium comprises of 54 public transportation agencies members and is dedicated to improving the security posture of its operational technologies, such as Power, Communications, Signaling, Public Information, and Safety Systems. This working group of public transportation agencies, cybersecurity leaders, vendors, and manufacturers developed standardized cybersecurity requirements to support a unified strategy for securing all future operational technology systems.
The main objectives of the standard requirements are the following:
- Minimize potential future costs to public agencies by including cybersecurity requirements upfront
- Suppliers, manufacturers, and integrators are aware of these baseline requirements from the start
- Requirements are prescriptive and specific to protect against commonly exploitable components of the Operational Technologies
- Requirements include technical controls and processes such as asset management, patch management, incident response, incident detection, and recovery to ensure operators know how to run the system securely after it is available in the production environment
- The requirements are portable to a systems’ component such as Active Directory or a set of system components for instance wireless, virtual servers, network security, rolling stock, etc.
- The requirements ensure that the production systems are not at the end of life or end of support before they are operational.
- Following these requirements facilitates compliance with Transportation Security Administration (TSA) Directives
For any questions specific to the requirements, please contact us at mtaocs@mtahq.org.