Making sure cyberthreats don’t derail public transport
One weekend in November 2016, riders of San Francisco’s Muni light rail transit system got an early holiday treat. Following a ransomware attack on the computerised fare system, the Muni, which also runs buses and the city’s famed cable cars, decided to turn off the payment machines and open the gates, allowing Metro passengers to ride for free. It lasted two days, while the authorities sought to figure out who had hacked the computer system, reportedly demanding 100 Bitcoin. Muni decided not to pay up, and by Monday they had managed to get the system back to normal. While the cybercrime disrupted Muni’s computer operations, it could have been worse. And that left experts wondering how transit authorities would respond to a much more severe attack from cyberterrorists intent on causing real damage.