Future Focused

Prioritizing a Better Perimeter Around Transit OT Infrastructure

Published

December 12, 2023

As public transit agencies continue to adopt digital solutions to enhance operations, provide visibility for the public, and expand their capability to manage their infrastructure, a more robust cybersecurity plan has become essential.

While cybersecurity threats to operational technologies have been a known risk to public infrastructure for years, the issue garnered more attention following the 2021 ransomware attack on Colonial Pipeline in Houston, TX. In this instance, hackers extorted Colonial for $4.4 million by infecting some of the pipeline’s digital systems with malware. While the attack did not impact the organization’s OT systems, Colonial shut down the flow of oil for several days to mitigate the impacts of the attack, subsequently restricting access to fuels for millions of customers, and causing President Biden to declare a state of emergency.

Due to the nature of these threats, escalating international tensions, and the prevalence of criminal organizations turning to digital means to extract payment from organizations, in October of 2021 the Transportation Security Administration issued new cybersecurity directives regulating designated passenger and freight railroad carriers, with the aim of enhancing cybersecurity preparedness and resilience for the nation’s railroad operations. These directives include a diverse list of requirements and controls including, but not limited to:

  • Appoint a Cybersecurity Coordinator
  • Develop, implement, and test a Cybersecurity Incident Response Plan
  • Develop network segmentation policies and controls and restrict access to Operational Technology (OT) systems from IT systems to secure and prevent unauthorized access to critical cyber systems
  • Build continuous monitoring and detection policies and procedures to detect cybersecurity threats and correct anomalies that affect critical cyber system operations
  • Reduce the risk of exploitation of unpatched systems through the application of security patches and updates for operating systems, applications, drivers, and firmware

During a recent American Public Transportation Association (APTA) panel that I participated in, we discussed this growing concern for transit agencies. Common cybersecurity incidents that may threaten transit agencies involve phishing, social engineering, business e-mail compromise, data breaches, ransomware, and supply chain and procurement-related risks. There is a recognition throughout the industry that such an attack on our transit infrastructure can pose a financial threat to the operator. We also need to address concerns about impacts on continuity of operations and safety.

At STV, our team of rail systems and cybersecurity experts is currently working with our public transit clients to support the development of cybersecurity programs to better secure OT systems. We have experience providing project management services on behalf of the transit operators for these programs. We’re able to work with agencies of all sizes to help identify program gaps and implement strategies to bolster their cybersecurity posture. Our ability to support secure architecture design, implementation and planning, in addition to understanding the operational security requirements (plans, policies, procedures, training, and exercises), makes STV an ideal partner for agencies looking to improve their cybersecurity and address requirements and recommendations from the TSA.

We understand that cybersecurity is top of mind for transit operators and that they want to understand how to better safeguard their OT systems and sustain operational resilience by addressing gaps or inherent weaknesses within their controls. The world is changing and how OT is implemented and protected should change with it.

Strengthening the perimeter, implementing micro-segmentation – where security zones are created around individual devices, applications or services within an OT network, which in turn isolates them from other parts of the network – enhancing asset visibility, managing the collection of information, and being able to respond effectively to incidents are all key items to consider.

While progress is being made, our industry still collectively suffers from a lack of the awareness and education that would help in better safeguarding OT systems. Protecting our infrastructure against risk in all its forms is an ever-evolving process. Fortunately, many leaders from throughout our industry are coming together to develop a common language and approach that will help bring more of a culture of cybersecurity into the mainstream for public transit operators.

Matthew Dimmick is a senior security development manager at STV. Throughout his professional career, Dimmick has provided security consulting and embedded project management, and has served as owner’s representative for agencies addressing various physical, information, and cyber security projects.

Copyright 2025 © STV Incorporated. All rights reserved.