NIST draft aims to address growing cyber risk in transportation sector

The National Institute of Standards and Technology has unveiled a draft Transit Cybersecurity Framework Community Profile to help public and private transit agencies better manage growing cyber risks across transportation systems classified as critical infrastructure, Nextgov/FCW reports.

The voluntary framework, developed by NIST's National Cybersecurity Center of Excellence, is designed to address cybersecurity gaps in a sector that has lagged behind other sectors, such as energy and utilities. NIST noted that cyberattacks against transit systems have become more frequent and damaging as agencies adopt digital tools while relying on aging and mobile infrastructure.

The guidance helps organizations align their security activities with NIST's Cybersecurity Framework 2.0, while accounting for transit-specific challenges like wireless connectivity, safety-critical operations, and legacy systems. It recommends prioritizing protection of functions tied directly to passenger safety and service continuity, including signaling, dispatching, and communications.

The framework also emphasizes collaboration among agencies, vendors, and federal partners and is built to scale, allowing both small transit operators and large regional systems to adapt the guidance based on resources and risk tolerance.