Protecting local transit from cyber threats

Large mass transit agency improves their cyber posture with CAI.

Challenge

Increased threats, insufficient planning

A large, public mass transit agency oversees commuter rail operations for 6 counties across the state. The agency manages day-to-day operations, fare and service levels, finance, capital improvements, passenger safety, and system planning for a large and busy ridership.
Public transit is a key part of local government critical infrastructure—ensuring safe, reliable commutes for local citizens. With such an important function, transit agencies must stay ahead of cyber threats and remain protected.

This agency knew that, due to their position and size, they were an attractive target for attacks, and they were becoming increasingly vulnerable to cyber threats. Specifically, they needed assistance in:

  • Processes and governance
  • Visibility into assets and issues
  • Accountability across departments
  • Tools and technology to monitor cyber traffic
  • Visibility and transparency into the assets connecting their networks

As such, the agency requested the assistance of a CAI cybersecurity team and embarked on an initiative to improve monitoring capabilities, strengthen their cyber posture, and become better prepared.

Solution

A trusted partner for cybersecurity strategy and guidance

The CAI team provided assessment, advisory, and remediation services to improve the agency’s cyber posture. The agency partnered with CAI to:

  • Assist in the development of missing governance policies
  • Assess the technical ecosystem and identify vulnerabilities
  • Formulate a roadmap and remediation plan
  • Identify gaps and a prioritization methodology
  • Advise on strategies, initiatives, and optimization such as tool selection and implementation
  • Retest and measure remediation efforts to ensure they met intended benefits

The CAI team leveraged partners specializing in penetration testing as well as incident response to support this client. Both were subcontractors under CAI.

Results

Alignment, flexibility, and improved security posture

This agency’s partnership with CAI allowed it to identify and assess its most critical cybersecurity demands. The team helped the agency identify vulnerabilities, define a long-term strategy, assess, and align security initiatives with the strategy.
They also helped execute a remediation plan to improve its security posture. CAI provided full-time access to security expertise and remediation guidance, with the flexibility to deliver services fully onsite, fully remote, or in a hybrid format.

With the help of CAI, the agency:

  • Developed their first Incident Response Plan
  • Established their vulnerability management process
  • Established an asset management and tracking process

This client’s Incident Response Plan was reviewed by the Transportation Security Administration (TSA) and praised for its completeness and attention to detail.

With new processes and documentation in place, the agency is better able to protect itself from increasingly prominent cyber threats.

To learn more about creating an incident response plan and strengthening your organization’s cyber posture, check out Five proven ways to facilitate cybersecurity best practices.

Let's talk!

Interested in learning more? We'd love to connect and discuss the impact CAI could have on your organization.

All fields marked with * are required.

Please correct all errors below.
Please agree to our terms and conditions to continue.

For information about our collection and use of your personal information, our privacy and security practices and your data protection rights, please see our privacy policy and corresponding cookie policy.