Toronto Transit Commission (TTC) is a public transit agency that provides an average of 1.1 million rides per day on its transit system. Pre-pandemic there were 1.7 million average daily rides. It is the largest public transit system in Canada and the third largest in North America.
Canadian Cyber Centre in its ‘National Threat Assessment 2023-2024’ has identified the transportation sector as a critical infrastructure sector that is increasingly at risk from cyber threat activity.
According to the Canadian Cyber Centre National Cyber Threat Assessment:
“Critical infrastructure is still a prime target for both cybercriminals and state-sponsored actors alike.”
“…Ransomware is a persistent threat to Canadian organizations… Critical infrastructure is increasingly at risk from cyber threat activity…” and “Cybercriminals deploying ransomware… will continue to adapt their methods to maximize profits…”
Information technology plays a vital role in all aspects of TTC operations. In 2021, TTC became a victim of a ransomware cyber-attack. Cyber attackers affected several computer systems and critical services, including the VISION system that is used to communicate with vehicle operators, online Wheel Transit bookings, and TTC’s internal email service.
Cyber-attacks on Public Transit Systems in North America
According to the Washington Post article published on May 19, 2023, a former contractor for the Washington Metropolitan Area Transit Authority (WMATA) managed to log in and access critical and sensitive WMATA systems from overseas, despite the termination of this individual’s contract.
The article also cited other cybersecurity incidents on transit systems, such as:
- A ransomware gang said this year that it exposed stolen data from San Francisco’s Bay Area Rapid Transit.
- Two years ago, hackers hit both New York’s Metropolitan Transit Authority and the Toronto Transit Commission.
- In 2020, ransomware struck Vancouver’s TransLink, leading to the disabling of its payment systems. That caused issues for some riders. The hackers also accessed employees’ sensitive personal information, and TransLink lost its communications systems.
- Also in 2020, hackers hit the Southeastern Pennsylvania Transportation Authority with a ransomware attack.
Cyber attacks continue to occur on public sector organizations. More recently, Toronto Public Library became victim of a cybersecurity attack. CityNews Toronto in its November 2, 2023 newscast reported the following:
“The Toronto Public Library (TPL) continues to deal with a cybersecurity incident that came to its attention last weekend.
The TPL website remains down, and online services such as “Your account,” digital collections, computers and printers at branches are out of service.“
The Auditor General has been proactive in her audits of cybersecurity and has completed several vulnerability assessments and penetration testing of critical systems at the City, and its agencies and corporations. In March 2022, the Auditor General completed the phase 1 audit on critical IT assets and processes used to manage IT system users at TTC. The public report is available at:
This Phase 2 report includes the results of our cybersecurity audit of TTC’s IT network, systems and applications. The report contains three administrative recommendations and nine confidential recommendations. The confidential findings and recommendations are contained in Confidential Attachment 1 to this report. The Auditor General will re-test cybersecurity controls after management has implemented the recommendations.
This report contains three administrative recommendations. The confidential findings and recommendations from our audit are contained in Confidential Attachment 1.
Confidential Attachment 1 to this report involves the security of the property of the City of Toronto or one of its agencies and corporations.
Cyberattacks are widely considered to be one of the most critical operational risks facing organizations. According to the Canadian Centre for Cyber Security Bulletin, 2021: “2021 has been marred by a series of high-profile ransomware attacks around the world… In the first half of 2021, global ransomware attacks increased by 151% when compared with the […]
Some critical infrastructure at the City, such as the Toronto Water treatment plants, use Operational Technology (OT) systems called industrial control systems (ICS). ICS systems include supervisory control and data acquisition (SCADA) systems. SCADA systems monitor and control the equipment and devices used in critical infrastructure. The Canadian Cyber Security Centre describes how ICS and […]
Over the past decade, the City of Toronto, like other large organizations, is increasingly conducting business and key operations online and in a networked environment. This makes operations more efficient and citizens are served better. The City stores a vast amount of confidential and sensitive data, such as information about employees and citizens’ personal records. […]
Over the past decade, the City of Toronto, like other large organizations, is increasingly conducting business and key operations online in a networked environment. This makes operations more efficient and citizens are served better. The purpose of this report is to communicate security incidents that occurred at a City division and a City organization and […]
Cyberattacks are widely considered to be one of the most critical operational risks facing organizations. This Phase 1 report includes the results of a review of critical systems in Toronto Fire Services (TFS). This report contains two administrative recommendations. The confidential findings and recommendations from our review are contained in Confidential Attachment 1. Reason for […]
The purpose of this report is to: Communicate to Audit Committee and City Council that the Auditor General has commenced a review of a Toronto Fire Services’ critical system; and Recommend that the Chief Technology Officer continue expediting the Auditor General’s prior cybersecurity-related audit recommendations, so the City is ready to prevent, detect and respond […]
In our report entitled “Audit of Information Technology Vulnerability and Penetration Testing – Phase 1: External Penetration Testing” we highlighted to the City management that insufficient preparation to manage cyber threats is widely considered as one of the most critical operational risks facing the organizations. The City, as well as its agencies and corporations are […]
In a December 12, 2019 letter to the Auditor General, the Toronto Police Services Board requested the Auditor General to conduct a cybersecurity audit. Given the size and importance of Toronto Police Service (TPS) and the sensitivity of the information it retains, the Auditor General prioritized the allocation of resources on the request and agreed […]