Skip to main content

Building a road to greater cybersecurity

Pennsylvania Turnpike Commission prepares for new opportunities and risks while driving innovation for America’s first superhighway

The starting point

When it opened in 1940, the Pennsylvania Turnpike was the nation’s first superhighway and hailed as an engineering marvel.

Eight decades later, the nation’s second longest toll road continues its legacy of innovation. The Pennsylvania Turnpike Commission, which maintains the carriageway’s 552 miles for more than 500,000 daily travellers, is embracing modern digital technologies to enhance both customer service and safety.

With the growth of enterprise data, apps and systems, the Commission has focused on enabling the intelligent highway. Their vision for the future includes supporting connected vehicles; using artificial intelligence (AI) for preventive maintenance, traffic prediction and driver alerts; and deploying Internet of Things (IoT) networks to help monitor roads, bridges and tunnels.

As the Commission has expanded its digital footprint and integrated new cloud solutions into its IT architecture, it has been keenly aware of the growing potential for cyber risks. For years, the organisation took a traditional castle-and-moat approach to cyber defence—focused on building firewalls and patching security holes as they emerged. But in 2017, leaders pivoted to a more strategic approach to cyber to address the increasingly digital nature of their organisation and the broader transportation industry.

Factors in focus

  • Mission to maintain hundreds of miles of carriageways for half a million daily travellers
  • Growing data and digital landscape, including enterprise data and cloud solutions
  • Desire to facilitate intelligent traffic systems involving AI, IoT and other emerging technologies

The way forward

In driving toward more strategic cyber capabilities, the Commission focused on understanding the organisation’s key needs.

In collaboration with Deloitte, leaders created a roadmap for a more resilient and cybersecure enterprise. Developed through a series of strategic planning sessions, the roadmap helped Commission executives fine-tune their vision for the future, identify and understand risks to the organisation and determine how they could address those risks through specific cyber actions.

As part of the planning, leaders—intent on using cyber as a business enabler, rather than simply a shield against threats—focused on adopting cyber practices and capabilities that would strongly undergird business objectives and outcomes. Identity and access management (IAM) was one key area the Commission wanted to bolster, helping ensure that the right users within the organisation would have access to the systems they needed to do their jobs. The organisation tapped Deloitte to enhance and operate its existing IAM system, while also working with Deloitte to roll out a privileged access management (PAM) Capabilities that provides system access for users such as systems administrators.

Data loss prevention was another area where leaders saw an opportunity for improvement. With greater data loss prevention measures in place, the organisation could reduce risks such as unauthorised sharing of sensitive documents. Once again, the Commission collaborated with Deloitte, creating controls and procedures to protect the organisation’s data both on premises and in the cloud.

To make its new strategic approach to cyber even stronger, the Pennsylvania Turnpike Commission worked with Deloitte to put in place new technologies and processes for cyber incident readiness, response and recovery (CIR3). Touching on systems and programmes across the organisation, the capabilities have helped assess organisational readiness and security capabilities, identify requirements and create a long-term plan for CIR3. The Commission also relied on Deloitte to provide change management services across its strategic cyber initiatives, helping employees to understand and adopt new tools and ways of working.

Deloitte also assisted the Commission in its US$110 million modernisation of a mile-long tunnel through the Appalachian Mountains—a project requiring deployment of connected environmental sensors as well as automated ventilation, lighting and video detection systems, among other technologies. Deloitte provided critical cyber support during the design phase of the project, including professionals with multiple specialties and skillsets—such as a consultant with deep understanding of industry-specific engineering requirements for critical infrastructure and leading practices for cybersecurity, network infrastructure and business requirements.

By working with Deloitte to bring more strategic cyber capabilities across multiple areas of its business, the Pennsylvania Turnpike Commission has positioned itself to be an even more resilient enterprise as it continues to improve and innovate its historic highway. In addition to stronger controls for its data and systems, the Commission has elevated confidence and integrity in its enterprise systems, which should allow for faster integration of new technologies in the future. And with an improved cybersecure posture, the organisation can focus more on its core mission to make travel safer and more reliable for its customers.

The achievements

Let’s talk cyber

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey