Connect with us

Hi, what are you looking for?

Cyber Security

Transportation Needs to Improve Cyber Policy Implementation, Watchdog Finds

The Department of Transportation should better implement its policies for established cyber roles, including improving training and role expectations, according to a recent GAO report.

The Department of Transportation needs to improve how it implements its cybersecurity policies, despite some progress in such policies, according to a Government Accountability Office report released Monday. 

The report release comes just days after the agency disclosed a cybersecurity attack that impacted its administrative systems. 

According to the report, Transportation has established cybersecurity roles and responsibilities for officials managing these policies at agencies within Transportation. While its chief information officer “regularly communicates with staff about cyber threats and provides cybersecurity tools and technical assistance,” Transportation could “improve how it implements cybersecurity policies,” GAO stated.

Specifically, Transportation reviewed cybersecurity programs for its component agencies, but did not use these reviews to address long term cybersecurity issues. As a result, GAO noted that these reviews have “not been effective” to help take the necessary actions to implement the 63 unresolved cybersecurity recommendations from the agency’s inspector general. 

Furthermore, while Transportation lists cybersecurity as a priority, a majority of component agency managers’ performance plans—15 out of 18—did not include cybersecurity expectations. In addition, Transportation’s CIO did not always participate in component agency CIO evaluations, despite agency regulations requiring such participation, resulting in “less assurance that component agencies are aligned with the department in carrying out cybersecurity-related responsibilities,” according to GAO. 

As reported by the agency’s Inspector General and GAO, Transportation’s cybersecurity training for roles had “deficiencies” and recommendations to fix these have yet to be implemented.

“The risks to IT systems supporting the federal government and the nation’s critical infrastructure are increasing as security threats continue to evolve and become more sophisticated,” GAO stated. “Therefore, it is imperative for agencies to clearly define cybersecurity-related roles and responsibilities and effectively oversee their cybersecurity programs in order to manage the risks associated with the operation and use of information systems.”

The watchdog made three recommendations, with which the agency agreed. 

In particular, GAO recommended that the Secretary of Transportation should direct the agency’s CIO to: take advantage of its IT program reviews to address recommendations that have not been implemented; work with human resources to create and implement a policy mandating Operating Administration senior IT managers’ performance plans include cybersecurity-related performance expectations; and take part in the reviews of OA CIOs and their equivalents. 

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.nextgov.com/cybersecurity/2023/05/transportation-needs-improve-cyber-policy-implementation-watchdog-finds/386371/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy. A top Defense Department official...

Cyber Security

The agency is utilizing a relaunched cybersecurity coordination center and additional programs to significantly ramp up interactions with key partners, a top official said....

Cyber Security

The nation’s cyber defense agency is building onto White House efforts to secure schools’ systems nationwide with the help of major education software companies....

Cyber Security

Despite recent improvements, a watchdog report claims the agency still has more it can do to make threat-sharing policies more effective. Though the Federal...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO