
DOT Cybersecurity Incident Handling Is Ineffective and Incomplete

DOT IG Report – October 13, 2016: DOT Cybersecurity Incident Handling Is Ineffective and Incomplete. Project ID: FI-2017-001

“An effective response to cyber incidents minimizes disruptions to information systems and data losses. We conducted this audit because of DOT’s large number of information systems that contain sensitive data as well as the high number of cybersecurity incidents that the Department reports annually—2,200 in 2014 alone. Our audit objective was to determine whether DOT has effective cyber security monitoring in place for its networks and information systems. Specifically, we assessed DOT’s policies and procedures for (1) monitoring, detecting, and eradicating cyber incidents, and (2) reporting incidents and their resolutions to appropriate authorities. DOT’s Office of Chief Information Officer (OCIO) has not ensured that the Department’s Security Operations Center (Center) has access to all departmental systems or required the Center to consider incident risk, thus limiting the Center’s ability to effectively monitor, detect, and eradicate cyber incidents. Federal law requires agency heads to ensure that information systems are secure and to delegate to chief information officers the authority to ensure Federal compliance. However, without OCIO’s approval, the Federal Aviation Administration (FAA) conducts its own monitoring of the national airspace system (NAS) through its Cyber Operations Center (NCO) and this monitoring is incomplete. FAA officials have initiated NCO’s monitoring of only 11 of 39 NAS systems that need monitoring. OCIO also has not ensured that the OCIO’s lack of enforcement of DOT’s cyber security policies coupled with the weaknesses in FAA’s monitoring puts the Department’s information systems at risk for compromise.”
