
NIST Issues Draft Cybersecurity Profile Targeting Transit Systems' Unique Risks
Recommended for you
Patch Rush, Penalties and Power Plays: This Week’s Cybersecurity Events
A fast-exploited Fortinet flaw and an agentic-AI vulnerability in ServiceNow forced urgent remediation, while telecoms, a university, and a logistics provider faced data and security crises that drew enforcement and public scrutiny. National agencies issued OT and zero-trust guidance and investors poured $136M into defense-focused software, highlighting shifting incentives toward resilience and regulatory accountability.

Industrial Control Systems: Rising pre‑positioning and ransomware force OT resilience shift
By 2026, adversaries will increasingly combine quiet, long‑dwell reconnaissance with financially motivated ransomware and faster weaponization to exploit ICS. Defenders must adopt CTEM, identity‑centric controls (including comprehensive machine‑identity inventories and rapid revocation), OT‑aware zero trust, SBOM-driven supply‑chain visibility, and conservative AI-based anomaly detection to preserve uptime and compress remediation windows.
U.S. security roundup: AI-enabled attacks rise, 277 water systems flagged, Disney hit with $2.75M fine
Adversaries are increasingly integrating generative models and automated agents into fast-moving attack chains while federal disclosures and vendor research expose concrete infrastructure and supply‑chain gaps—from 277 vulnerable water utilities to a configuration flaw affecting about 200 airports. Regulators and vendors responded with fines, guidance and new attribution frameworks, but rapid exploit timelines and legacy OT constraints mean systemic exposures will persist without accelerated patching, stronger identity controls and tighter vendor oversight.
Nissan's Quiet Playbook for Rolling Out Autonomous Public Transit
Nissan is advancing autonomy as a staged public-transport solution, prioritizing operational pilots, municipal coordination, and rider acceptance over flashy product announcements. Recent multi-site trials in Yokohama and Kobe provide real-world data and a conditional timetable aimed at paid service launches from fiscal 2027 and broader deployment by around 2030.

U.S. Treasury to publish AI cyber-risk guidance for financial firms
The U.S. Treasury will roll out a set of six practical resources this February, created by a public-private oversight group to help financial firms manage cyber and AI risk. The materials aim to set baseline practices across governance, data stewardship, transparency and fraud controls to support safer AI adoption in banking and related services.

U.S. Signals Tighter Cyber Retaliation Tied to Adversary Moves, Seeks Industry Coordination
A senior cyber policy official said the forthcoming national cyber strategy will tie U.S. responses in cyberspace to the demonstrable actions of foreign adversaries and broaden coordination with industry, subnational governments and other policy offices — including work to harden AI stacks and infrastructure that officials see as increasingly targeted by automated campaigns.
U.S. Information‑Sharing Under Strain: Law Sunset, Budget Cuts and Operational Drag Threaten Timely Threat Intelligence
A key 2015 information‑sharing statute has lapsed pending reauthorization, and CISA faces a near $500 million reduction in resources, undermining the speed and fidelity of threat intelligence between government and industry. Recent high‑velocity exploits, supply‑chain disclosures and regulatory penalties show why near‑real‑time, context‑rich sharing is increasingly critical — and increasingly brittle without legal clarity and processing capacity.
BVLOS Modernization — SAFE ReMo Urges Risk-Tiered, Interoperable U.S. Framework
SAFE’s Reimagined Mobility brief urges treating BVLOS as national low‑altitude infrastructure and finalizing Parts 108 and 146 with risk‑tiered, performance‑based rules and federal interoperability requirements. The call comes as regulators and auditors tighten focus — the FAA has narrowly reopened BVLOS comments on electronic position broadcasting and right‑of‑way (comment window through Feb. 11, 2026) while the GAO highlights governance and verification gaps — increasing the premium on data‑driven, interoperable solutions.