Specifications include, but are not limited to: Task 1. Identify and summarize the state-of-practice in state transportation agencies’ cybersecurity initiatives, with an emphasis on OT. Include barriers, needs, opportunities, lessons learned, and successful practices. ; Task 2. Conduct a review of relevant cybersecurity literature to update the existing body of knowledge. Consideration should be given to successful practices in other industries that may be transferrable to state transportation agencies. Task 3. Identify a small group of transportation technology and cybersecurity subject matter experts to help inform development of a transportation asset classification framework for cyber risks. Task 4. Prepare an interim report. ; Task 5. Develop a high-level framework to assess cyber risk; identify strategies for preparing for, preventing and managing cyber incidents; and link transportation asset classification with cyber risk. Consideration should be given, but not limited to, the following questions or concepts.
