Cybersecurity and Resilience Capabilities in Transport Systems: Assessing Frameworks, Gaps, and an Integrated Maturity Model
DOI:
https://doi.org/10.47604/ajcet.3658Keywords:
Cybersecurity, Transport Systems, Resilience Maturity Model, Critical Infrastructure Protection, Risk Management, Digital ResilienceAbstract
Purpose: Transport systems are increasingly digital, exposing them to complex cybersecurity risks that threaten operational continuity and public safety, prompting this study to evaluate and enhance cybersecurity and resilience capabilities across transport networks through analysis of major frameworks from National Institute of Standards and Technology, International Organization for Standardization, and European Union Agency for Cybersecurity.
Methodology: Using a mixed-method approach that combined documentary analysis, expert interviews, and a pilot resilience maturity assessment across aviation, rail, maritime, and road sectors,
Findings: The study identified uneven preparedness levels, with aviation demonstrating stronger monitoring and recovery mechanisms while road transport showed weaker incident response coordination. Significant gaps were found in data-sharing practices, workforce awareness, and cross-sector policy alignment. In response, a Cybersecurity Resilience Maturity Model (CRMM) structured around Prevention, Detection, Response, Recovery, and Adaptation was developed to support benchmarking, guide investment decisions, and monitor resilience improvement.
Unique Contribution to Theory, Practice and Policy: The study concludes that integrated cybersecurity–resilience strategies are essential for ensuring safe, reliable, and sustainable transport operations in an increasingly connected environment.
Downloads
References
Alcaraz, C., & Lopez, J. (2018). A security analysis for SCADA and industrial control systems. Computers & Security, 75, 11–33. https://doi.org/10.1016/j.cose.2018.01.002
Belokas, G., Saroglou, H., Moschovou, T., & Vlahogianni, E. I. (2024). Enhancing the cyber-resilience of intelligent transport systems through adaptive frameworks. Transportation Research Part C: Emerging Technologies, 161, 104431. https://doi.org/10.1016/j.trc.2024.104431
Di Zhang, Z., Lee, P. T. W., Cullinane, K., & Xu, M. (2024). Building resilient maritime transport networks under cybersecurity challenges: A systematic review and future agenda. Marine Policy, 161, 105304. https://doi.org/10.1016/j.marpol.2024.105304
ENISA. (2022). Transport cybersecurity: Sectoral guidelines and good practices. European Union Agency for Cybersecurity. https://www.enisa.europa.eu
Humayed, A., Lin, J., Li, F., & Luo, B. (2017). Cyber-physical systems security—A survey. IEEE Internet of Things Journal, 4(6), 1802–1831. https://doi.org/10.1109/JIOT.2017.2703172
ISO. (2021). ISO/IEC 27001: Information security management systems. International Organization for Standardization. https://www.iso.org/standard/54534.html
Knyazkina, S. A., Khamitov, R. A., & Chernikova, O. P. (2024). Cybersecurity challenges in intelligent transport systems: Bridging operational and information technologies. IEEE Access, 12, 78234–78249. https://doi.org/10.1109/ACCESS.2024.3382675
Linkov, I., & Trump, B. D. (2019). The science and practice of resilience. Springer Nature. https://doi.org/10.1007/978-3-030-04565-4
Macaulay, T., & Singer, B. (2018). Cybersecurity for industrial control systems: SCADA, DCS, PLC, HMI, and SIS. CRC Press. https://doi.org/10.1201/9781315215724
NIST. (2018). Framework for improving critical infrastructure cybersecurity (Version 1.1). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.CSWP.04162018
NIST. (2021). Cyber-Resilience Engineering Framework (CREF). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-160v2
Rossiter, J. M. (2025). Cyber resilience at smart airports: Integrating protection, detection, and recovery capabilities. Journal of Air Transport Management, 121, 102423. https://doi.org/10.1016/j.jairtraman.2025.102423
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Perry Opoku Agyeman, David Laud Amenyo Fiase
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
