A new report published by the U.S. Government Accountability Office (GAO) finds that the Department of Transportation (DoT) can be doing more to effectively implement cybersecurity policies across the agency and its components.

On the plus side, the watchdog agency found in the May 15 report that DoT “has established cybersecurity roles and responsibilities for officials that manage cybersecurity at agencies within the department.” And it said that “DOT’s Chief Information Officer regularly communicates with staff about cyber threats, and provides cybersecurity tools and technical assistance.”

“However, we found that DOT could improve how it implements cybersecurity policies,” GAO said. It cited one example in which “DOT reviewed component agency cybersecurity programs for agencies within the department, but didn’t use the reviews to address longstanding cyber issues.”

“DOT policy requires annual reviews of component agency cybersecurity programs,” GAO continued. “However, the reviews have not been effective in taking needed actions.”

The report looks at nine different components – including the Federal Aviation Administration (FAA) and the Federal Highway Administration (FHA) – that make up the bulk of the department and found that more needs to be done to address cybersecurity problems.

“While DOT’s strategic plan identified cybersecurity as an organizational objective, 15 of 18 managers’ performance plans did not include cybersecurity-related expectations,” GAO said. “Further, the department CIO did not always participate in evaluating the performance of component agency CIOs,” it said.

The report lays out three recommendations for DOT, all of which the agency concurred with:

  • Use annual reviews to fix some of the issues found by the DOT Inspector General (IG);
  • Confirm that all senior managers' performance plans include cybersecurity; and
  • Involve the DOT CIO in evaluating the performance of component CIOs.

The GAO report came at the same time as DoT has been dealing with a data breach that exposed the data of 237,000 current and former Federal employees.

Jose Rascon
Jose Rascon is a MeriTalk Staff Reporter covering the intersection of government and technology.