Computer Security Challenges Within the Department of Transportation
The Inspector General testified on computer security challenges in DOT at a hearing before the House Government Reform Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations. He told the panel that notwithstanding recent progress, DOT still has a long way to go to adequately secure its computer systems. In particular, DOT:
- needs to appoint a Chief Information Officer with the authority to provide Department-wide leadership and enforce compliance with security guidance;
- computer systems are vulnerable because of unsecured network entry points;
- did not perform sufficient analyses to determine whether computer security incidents were caused by deliberate intrusion or innocent acts and did not report three of 10 major web defacements;
- improved web security and privacy protection are essential;
- needs to improve performing background checks on contractor employees;
- needs to double the number of annual security certification reviews to meet the December 2005 milestone to identify vulnerabilities in all mission?critical systems and determine the costs to fix the security weaknesses.