MTA Cybersecurity Consortium

About

Collaborate

Knowledge Sharing

Standards

This in-person event brings together cybersecurity industry leaders and transportation sector experts to share insights, knowledge, and real-world experiences. Our participants include the following:

Critical Infrastructure Partners
Public Transportation Entities
US Regulating Entities
Law Enforcement
Policy Makers

This year’s agenda will feature key insights and progress in the transportation systems security with a focus on:

Current state of security in the rail and bus sectors, including emerging trends, technological innovations, and operational shifts
Perspectives from executive and operational transportation leaders, reflecting on successes, challenges, and strategic developments over the past year
Live Hackathon and workshops to learn about the challenges and solving real world problems
In-depth discussions on regulatory requirements and the broader implications for the transportation industry

Agenda

Day One: Wednesday, November 12 (DRAFT)

Morning Sessions	Check-in and Breakfast (8am) Welcome and Opening Remarks (9am) Panel #1: Rail and Bus Executives' Perspective on the Current Cyber Landscape
Morning Break	BREAK
Mid-Morning Sessions	Industry Outlook: Trends, Challenges, and Opportunities Panel #2: Federal Executives’ Insights into Regulatory and Policy Requirements
Lunch Break	LUNCH
Afternoon Sessions	Case Study Insights Panel #3: Protecting Revenue and Fare Collection Systems Case Study Insights
Afternoon Break	BREAK
Mid-Afternoon Sessions	Panel #4: State of Collaboration: CIO, CTO, CISO and OT Executives Case Study Insights
Closing	Day One Closing Remarks (5pm)

Day Two: Thursday, November 13 (DRAFT)

Morning Sessions	Check-in and Breakfast (8am) Day Two Opening Remarks/Day One Recap (9am) Opening Keynote - CISA Executive Panel #5: Leading Together: Public–Private Partnership in Cybersecurity
Morning Break	BREAK
Mid-Morning Sessions	Presentation: Artificial Intelligence Panel #6: How AI is Redefining Cybersecurity
Lunch Break	LUNCH
Afternoon Sessions	HACKATHON STARTS (concludes on Day 3) Presentation: FRA Updates Panel #7: Supply Chain Security Challenges & Solutions in Transportation
Afternoon Break	BREAK
Mid-Afternoon Sessions	Case Study Insights Presentation: NIST Framework for Transportation Sector
Closing	Day Two Closing Remarks (5pm)
5:00pm - 7:00pm	Networking Mixer

Day Three: Friday, November 14 (DRAFT)

Morning Sessions	Check-in and Breakfast (8am) Day Three Opening Remarks/Day Two Recap (9am) Panel #8: Cybersecurity Developments in Rail Infrastructure: An OT Leadership Update Panel #9: Electric Bus and Charging Systems Security
Morning Break	BREAK
Mid-Morning Sessions	Workshop #1: Access Control Across All Rail Infrastructure Workshop #2: Defining and Building Incident Detection on Rail Infrastructure Systems
Lunch Break	LUNCH
Afternoon Sessions	Hackathon Outcomes
Closing	Event Wrap-Up (3pm)

Directions

MTA Consortium Address

MTA Headquarters
2 Broadway
New York, NY 10004

Email: cyberconsortium@mtahq.org

Using the Map

Click Directions
Choose your mode of transportation:
- To get driving directions, click Driving
- To get transit directions, click Transit
- To get walking directions, click Walking
- To get cycling directions, click Cycle

Tip: To choose another route in any transportation mode, click the corresponding icon. Each route shows the estimated travel time on the map.

Accommodations

Hotel: DoubleTree by Hilton NY Downtown
Address: 8 Stone Street, New York, NY
Phone: 212-480-9100

The hotel is conveniently located two blocks from three MTA subway stations:

Bowling Green ( and lines)
Wall Street/William Street ( and lines)
South Ferry ( line)
Brief 1 minute walk to MTA Headquarters

Reserve your guest room by Saturday, October 11 before midnight to secure our discounted conference rates:

King room $329 + tax* per night
Double room $349 + tax* per night

Book directly via this link.

Group Name: MTA IT Department 2025
Group Code: CDT929

* If you are eligible for tax exemption, please bring a copy of your tax-exempt form/certificate to provide at check-in.

Cybersecurity Requirements for
Operational Technology Procurement

The North America Transportation Cybersecurity Consortium comprises of 54 public transportation agencies members and is dedicated to improving the security posture of its operational technologies, such as Power, Communications, Signaling, Public Information, and Safety Systems. This working group of public transportation agencies, cybersecurity leaders, vendors, and manufacturers developed standardized cybersecurity requirements to support a unified strategy for securing all future operational technology systems.
The main objectives of the standard requirements are the following:

Minimize potential future costs to public agencies by including cybersecurity requirements upfront
Suppliers, manufacturers, and integrators are aware of these baseline requirements from the start
Requirements are prescriptive and specific to protect against commonly exploitable components of the Operational Technologies
Requirements include technical controls and processes such as asset management, patch management, incident response, incident detection, and recovery to ensure operators know how to run the system securely after it is available in the production environment
The requirements are portable to a systems’ component such as Active Directory or a set of system components for instance wireless, virtual servers, network security, rolling stock, etc.
The requirements ensure that the production systems are not at the end of life or end of support before they are operational.
Following these requirements facilitates compliance with Transportation Security Administration (TSA) Directives

For any questions specific to the requirements, please contact us at mtaocs@mtahq.org.