Implications of the 2020 Sunburst Cybersecurity Attack for Transit Agencies: Addressing Vulnerabilities

You are here

New MTI perspective examines what transit agencies can learn from the worst cyber-attack in U.S. history
January 18, 2021
San José, CA

In December 2020, the cybersecurity firm FireEye discovered the worst cyber-attack in our nation’s history. While the full ramifications of this attack remain to be seen, the investigation revealed that more than 18,000 organizations may have been breached, including the Department of Defense and computer systems used by state and local governments, and critical infrastructure services such as the San Francisco International Airport.  The new Mineta Transportation Institute (MTI) perspective Implications of the Sunburst Cybersecurity Attack addresses the damage caused by this attack and what public and private organizations, including transit agencies, can do to mitigate future attacks.

Although the specific effects of the Sunburst attack on transit agencies is not yet understood, transit agencies have recently been confirmed targets of several other cyber-attacks. One such attack on the Southeastern Pennsylvania Transportation Authority in August of 2020 took down its real-time bus and rail information for two full weeks. Another recent, severe attack occurred in 2017 against Sacramento Regional Transit (SaRT) in which SaRT suffered a ransomware attack that crippled its website and destroyed data. Researchers have also previously proven hackers could take over the brakes and controls of vehicles. These instances hint at the potential damage of the Sunburst attack and others.

Moreover, an October 2020 MTI study,  Is the Transit Industry Prepared for the Cyber Revolution? Policy Recommendation to Enhance Surface Transit Cyber Preparedness found most public transit agencies acutely unprepared when facing cybersecurity threats and found that only 60% of agencies had any cybersecurity program in place even though 80% reported they were prepared.

“Cybersecurity is a growing concern for public transit managers, as control and management systems become increasingly dependent on information technology. These systems are vulnerable to increasingly sophisticated direct and indirect cyberattacks. Given these increasing risks, the transit industry and its technology managers must take proper steps to ensure the security of their cyber systems,” says Vice Chair of the APTA Board of Directors Jeff Nelson.

Agencies must prioritize cybersecurity by:

  • Investing in their cybersecurity infrastructure, from effective hiring of cybersecurity expertise to ensuring alignment with the agency’s overall strategy;
  • Educating persons within the organization about cyber-attack risks, especially phishing, which is by far the most common type of cyber-attack; and
  • Requiring vendors to manage their cyber risk by contractually requiring vendors to maintain state-of-the-art cyber protections.

Cyber-attacks are ultimately inevitable. Fortunately, agencies can take action to help protect themselves from attacks and to prepare for any breaches that do occur, thus ensuring the critical transportation systems of our nation continue running smoothly and safely.



At the Mineta Transportation Institute (MTI) at San Jose State University (SJSU) our mission is to increase mobility for all by improving the safety, efficiency, accessibility, and convenience of our nations’ transportation system. Through research, education, workforce development and technology transfer, we help create a connected world. MTI was founded in 1991 and is funded through the US Departments of Transportation and Homeland Security, the California Department of Transportation, and public and private grants. MTI is affiliated with SJSU’s Lucas College and Graduate School of Business.


Scott Belcher, JD, MPP, is an MTI Research Associates, and the CEO of SFB Consulting, LLC. Prior to founding SFB Consulting, LLC he served for two years as the CEO of the Telecommunications Industry Association and for seven years as the CEO of the Intelligent Transportation Society of America.

Brandon Thomas, MBA is an MTI Research Associate, a Partner at Grayline Group, a firm focused on helping organizations understand and manage for disruption, as well as a Managing Partner of Blockview Partners, a firm focused on understanding the emerging blockchain and cryptocurrency space. He is co-author of “Chain Reaction: How Blockchain Will Transform the Developing World,” to be published by Palgrave Macmillan in spring 2021.


Media Contact:

Irma Garcia,

MTI Communications and Operations Manager

O: 408-924-7560



Contact Us

SJSU Research Foundation   210 N. 4th Street, 4th Floor, San Jose, CA 95112    Phone: 408-924-7560   Email: