Skip to main content

Building a road to greater cybersecurity

Pennsylvania Turnpike Commission prepares for new opportunities and risks while driving innovation for America’s first superhighway

The starting point

When it opened in 1940, the Pennsylvania Turnpike was the nation’s first superhighway and hailed as an engineering marvel.

Eight decades later, the nation’s second longest toll road continues its legacy of innovation. The Pennsylvania Turnpike Commission, which maintains the roadway’s 552 miles for more than 500,000 daily travelers, is embracing modern digital technologies to enhance both customer service and safety.

With the growth of enterprise data, apps, and systems, the Commission has focused on enabling the intelligent highway. Their vision for the future includes supporting connected vehicles; using artificial intelligence (AI) for preventive maintenance, traffic prediction, and driver alerts; and deploying Internet of Things (IoT) networks to help monitor roads, bridges, and tunnels.

As the Commission has expanded its digital footprint and integrated new cloud solutions into its IT architecture, it has been keenly aware of the growing potential for cyber risks. For years, the organization took a traditional castle-and-moat approach to cyber defense—focused on building firewalls and patching security holes as they emerged. But in 2017, leaders pivoted to a more strategic approach to cyber to address the increasingly digital nature of their organization and the broader transportation industry.

Factors in focus
 

  • Mission to maintain hundreds of miles of roadways for half a million daily travelers
  • Growing data and digital landscape, including enterprise data and cloud solutions
  • Desire to facilitate intelligent traffic systems involving AI, IoT and other emerging technologies

The way forward

In driving toward more strategic cyber capabilities, the Commission focused on understanding the organization’s key needs.

In collaboration with Deloitte, leaders created a roadmap for a more resilient and cybersecure enterprise. Developed through a series of strategic planning sessions, the roadmap helped Commission executives fine-tune their vision for the future, identify and understand risks to the organization, and determine how they could address those risks through specific cyber actions.

As part of the planning, leaders—intent on using cyber as a business enabler, rather than simply a shield against threats—focused on adopting cyber practices and capabilities that would strongly undergird business objectives and outcomes. Identity and access management (IAM) was one key area the Commission wanted to bolster, helping ensure that the right users within the organization would have access to the systems they needed to do their jobs. The organization tapped Deloitte to enhance and operate its existing IAM system, while also working with Deloitte to roll out a privileged access management (PAM) capability that provides system access for users such as systems administrators.

Data loss prevention was another area where leaders saw an opportunity for improvement. With greater data loss prevention measures in place, the organization could reduce risks such as unauthorized sharing of sensitive documents. Once again, the Commission collaborated with Deloitte, creating controls and procedures to protect the organization’s data both on premises and in the cloud.

To make its new strategic approach to cyber even stronger, the Pennsylvania Turnpike Commission worked with Deloitte to put in place new technologies and processes for cyber incident readiness, response, and recovery (CIR3). Touching on systems and programs across the organization, the capabilities have helped assess organizational readiness and security capabilities, identify requirements, and create a long-term plan for CIR3. The Commission also relied on Deloitte to provide change management services across its strategic cyber initiatives, helping employees to understand and adopt new tools and ways of working.

Deloitte also assisted the Commission in its US$110 million modernization of a mile-long tunnel through the Appalachian Mountains—a project requiring deployment of connected environmental sensors as well as automated ventilation, lighting, and video detection systems, among other technologies. Deloitte provided critical cyber support during the design phase of the project, including professionals with multiple specialties and skillsets—such as a consultant with deep understanding of industry-specific engineering requirements for critical infrastructure, and leading practices for cybersecurity, network infrastructure, and business requirements.

By working with Deloitte to bring more strategic cyber capabilities across multiple areas of its business, the Pennsylvania Turnpike Commission has positioned itself to be an even more resilient enterprise as it continues to improve and innovate its historic highway. In addition to stronger controls for its data and systems, the Commission has elevated confidence and integrity in its enterprise systems, which should allow for faster integration of new technologies in the future. And with an improved cybersecure posture, the organization can focus more on its core mission to make travel safer and more reliable for its customers.

The achievements

Let’s talk cyber

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey