TO: AC Transit Board of Directors
FROM: Michael A. Hursh, General Manager
SUBJECT: Balancing Cybersecurity Controls with Productivity
BRIEFING ITEM
RECOMMENDED ACTION(S):
Title
Consider receiving a briefing on the District's approach to Cybersecurity control as it affects productivity. [Requested by Director Peeples - 10/9/2019]
Body
STRATEGIC IMPORTANCE:
Goal - Financial Stability and Resiliency
Initiative - Infrastructure Modernization
This briefing item will allow the Board to take a fresh look at Information Technology Policies, get an update on newer risks associated with Cyber threats, and understand productivity impacts due to extra measures being put in place following recent Cyber events.
BUDGETARY/FISCAL IMPACT:
This is a briefing item and has no fiscal impact.
BACKGROUND/RATIONALE:
Due to exponential growth in deployment of Information Technology based solutions in Transit, everything is connected to the enterprise network, not to mention the tremendous growth in computers and smart devices in normal business operations. Most of the District's systems collect and generate a tremendous amount of data. Bus engines, traffic control systems, security video systems, ticket vending machines, operator badge systems, and even the facilities Heating Cooling & Ventilation Systems are communicating with other components, either generating data or consuming data. This connected enterprise makes the network vulnerable and subject to major cybersecurity risks. A single wrong click to a malicious websitecan provide access to hackers to disrupt the entire District operations.
Over the last several months, the District has increasingly become the target of malicious actors looking to exfiltrate personal information, accounting, and financial data. According to InfoTech, the transportation industry has been the favored target for cyber-attacks where state sponsored threat actors seek to disrupt operations. In another report by the FBI, Business Em...
Click here for full text