Lead PI: Kailai Wang
Federal Fund Allocation (Year 2024-2025): $30,000(UC)+$40,000(UH)
Project Description
Public transportation systems have become increasingly reliant on advanced, interconnected technologies—ranging from wirelessly linked vehicle control and mobile fare payment platforms to onboard Wi-Fi, automatic passenger counters, and traffic-signal preemption—to deliver efficient, user-friendly service. However, each added component expands the system’s attack surface, making buses, light rail, vanpools, and paratransit networks attractive targets for cybercriminals seeking to disrupt operations or harvest sensitive data. A successful breach can lead to service outages that strand commuters, compromise passenger privacy and safety through data leaks or manipulated safety messages, and incur steep financial and legal penalties. Moreover, transit agencies face growing regulatory mandates requiring demonstrable cybersecurity compliance and resilience planning. By investing in robust authentication, continuous monitoring, incident response capabilities, and system hardening, agencies not only safeguard against unauthorized access and minimize downtime but also build the public’s confidence that personal information and physical safety are being protected—an foundation for sustained ridership and the evolution of connected and automated mobility.
Recognizing the complexity of this mission, our team has devised the proposed project to achieve our shortterm goal, a first step towards realizing our long-term vision. This project will focus on the practical experiences of public transit agencies: 1) the integration of emerging technologies in public transit, 2) plans for deploying CAVs, 3) existing data storage and security strategies, and 4) real and perceived risks of security breaches. The decision to initially focus on public transit agencies is intentional, driven by research indicating a growing reliance on modern technologies within these organizations. By prioritizing the technical aspects and vulnerabilities of current transit technologies, this research shall address the need for robust cybersecurity measures in the face of potential threats, ensuring the security and reliability of operations, infrastructure, and passenger information.
Our project’s objectives are: (1) capturing information about technologies deployed and being considered by a wide range of public transit agencies in different geographical regions with different levels of economic development; (2) adopting a suite of AI techniques and third-party data to understand the factors associated with the experiences of public transit agencies; (3) identify and mitigate transit cybersecurity risks and to facilitate ongoing cybersecurity information exchange among transit agencies, their vendors, and cybersecurity researchers.