Audit Reports

 
September 07, 2001

DOT Information Security Program

Project ID: FI-2001-090
 
 
 

Summary

We performed an evaluation of the Department’s information security controls and procedures as part of the Department’s first-ever computer security report to the Office of Management and Budget, as required by the Government Information Security Reform Act passed in 2000. We found that DOT and its Operating Administrations have already taken, or are planning to initiate actions to correct deficiencies and reduce vulnerabilities identified in several OIG reports over the last 3 years. Our concerns include: 1) network security issues, most significantly FAA’s plan to place its air traffic control systems, now operating on a dedicated network, and its administrative systems on one integrated network with direct connections to the Internet; 2) system security, most significantly the continued vulnerability of DOT’s computer systems to access by unauthorized Department personnel and contractors; 3) the need to designate at least one additional computer system at FAA and Coast Guard as infrastructure critical assets; and 4) maintaining web security and privacy protections in the face of constant changes in technology and web development.

.