ARRA Websites Vulnerable to Hackers and Carry Security Risks
On October 22, 2010, we issued our report on the assessment of DOT's ARRA Websites and database systems that determined if they are properly configured to minimize the risk of cyber attacks. ARRA requires unprecedented levels of transparency and accountability so that taxpayers know where their tax dollars are being spent. To address that requirement, the Department of Transportation (DOT) and its Operating Administrations (OA) deployed various Websites to collect and disseminate ARRA related information. We found that these Websites and databases contain a combination of high-, moderate-, and low-risk vulnerabilities. The vulnerabilities exist because the Websites, databases and servers were not configured in compliance with DOT configuration security standards. The DOT Chief Information Officer concurred with the findings and recommendations and discussed appropriate planned actions and completion dates.