Santa Clara VTA holds first cybersecurity tabletop exercise
Santa Clara Valley Transportation Authority (VTA) held its first cybersecurity preparedness exercise on May 25. The tabletop exercise was developed to build the authority’s defenses against Advanced Persistent Threats, including denial-of-service ransom attacks, cyber-terrorists, “hactivists” and cyber espionage.
The training was coordinated with the Transportation Security Administration (TSA) and brought together multiple departments and agencies, including representatives from the Federal Bureau of Investigation (FBI), the Santa Clara County Sheriff’s Department, the San Jose Police Department and other transit partners from the Bay Area.
“This event brings internal and external stakeholders together to talk through a scenario involving a cyber threat,” said Santa Clara VTA Chief of System and Security Aston Greene. “This effort is for us to start the preparedness process to make sure our networks are secure, so we can make sure our patrons and employees are protected from those threats.”
Santa Clara VTA’s executive team received a cyber-intelligence briefing and senior directors and managers worked through various attack scenarios as a tool to build its resiliency and preparedness. Greene explained the exercise helps prepare stakeholders for the possibility of having to identify, isolate and solve potential threats.
Cybersecurity is a growing threat, but one that the transit industry, in general, appears to be behind in preparing to combat. The Mineta Transportation Institute reports 42 percent of transit agencies do not have an incident response plan, 36 percent do not have a disaster recovery plan and 53 percent do not have a continuity in operations plan.
In Mass Transit’s 2023 Mobility Outlook survey, 67 percent of respondents reported cybersecurity is a concern for their agencies. However, 36 percent of respondents did not know if their agencies had cyber insurance, a cybersecurity designate or a cybersecurity incident response plan.
Conducting a tabletop exercise, like the one Santa Clara VTA conducted, is a key step toward preparing against cyber threats. The authority says it will hold additional tabletop exercises in the months ahead to build on this training as part of a multi-year training and exercise program aimed at the prevention of cyber-attacks and the ability to protect VTA employees and customers from their impacts.
Santa Clara VTA will be the first in the nation to participate in the TSA ‘Cy-BASE’ program, which is a voluntary assessment of the agency toward evaluating defenses against cyber threats. These exercises will culminate in identifying best practices and solutions specific to VTA that will strengthen the agency’s cyber program and build resiliency for the agency.
“Collaborating with internal and external partners will greatly enhance our operational readiness to keep our transit system safe from cyber threats that can impact our service,” said Carolyn Gonot, Santa Clara VTA general manager and CEO.
Mischa Wanek-Libman | Group Editorial Director
Mischa Wanek-Libman is director of communications with Transdev North America. She has more than 20 years of experience working in the transportation industry covering construction projects, engineering challenges, transit and rail operations and best practices.
Wanek-Libman has held top editorial positions at freight rail and public transportation business-to-business publications including as editor-in-chief and editorial director of Mass Transit from 2018-2024. She has been recognized for editorial excellence through her individual work, as well as for collaborative content.
She is an active member of the American Public Transportation Association's Marketing and Communications Committee and served 14 years as a Board Observer on the National Railroad Construction and Maintenance Association (NRC) Board of Directors.
She is a graduate of Drake University in Des Moines, Iowa, where she earned a Bachelor of Arts degree in Journalism and Mass Communication.