Computer Security of DOT’s Delphi Financial Management System
We issued a report regarding the computer security and controls over DOT’s new financial management system, Delphi, which eventually will replace the Department’s existing accounting system. Delphi has significantly improved DOT’s ability to account for funds and generate financial information. When fully implemented, it will account for over $50 billion entrusted to DOT each year, including over $10 billion in contractor and employee payments.
In order for the replacement system to achieve its full potential, however, DOT needs to enhance security and controls of Delphi operations. We found that some employees could process unauthorized payments and intruders could launch attacks on Delphi networks. We also found that critical security measures had not been implemented or enforced, system changes were not properly tested, and contingency planning was not adequate. We recommended that DOT restrict user access to sensitive transactions such as payment requests and approvals, strengthen network access security, protect sensitive information stored in Delphi, control system changes, and enhance contingency planning to ensure business continuity in case of disasters.