Cyber risk used to be a relatively simple matter of securing sensitive operator and customer data and was largely the responsibility of information technology (IT). But as technologies converge, more such risks are now associated with operations technology (OT) and Internet of Things (IoT)/Industrial Internet of Things (IIoT) infrastructure and services, whose security poses different challenges.
Meanwhile, the industry’s highly dispersed traditional operations are combining with an emerging mobility ecosystem. The development of Mobility as a Service (MaaS), which allows high volumes of user data to be exchanged via multi-operator technology platforms, is already challenging data protocols. As more third-party relationships evolve, the potential “attack surface” expands significantly. In fact, no area of the transit value chain is immune from cyber sabotage.