DOT Information Security Program
We issued our report on DOT’s information security program to meet the legislative mandate of the Federal Information Security Management Act. We found that in the past year DOT has made significant progress toward meeting its commitment to improve information security; most noteworthy is its improvement in protecting its computer systems from attack by outsiders. However, DOT still needs to make progress in securing its computer systems from attack by insiders: employees, contractors, grantees, and industry associations. According to the FBI, insiders remain a major threat; insiders were responsible for about 50 percent of unauthorized computer activities in 2003.
Because of the security weaknesses that still need to be corrected, DOT's information security program remains a "material weakness" and requires continued senior management attention. We recommended that the Department improve oversight of its information technology investments, further enhance network security, secure systems from attacks, better protect air traffic control systems, enforce background checks of contractor employees, and enhance contingency planning to ensure business continuity in case key computer system operations are disrupted for a prolonged period.