Following less than satisfactory findings on the Department of Transportation’s (DOT) information and cybersecurity practices recently, the Office of Inspector General (OIG) has initiated a further two audits to determine cybersecurity standards at the Department.
These follow the previously announced audit on the Department’s High Value Asset (HVA) systems. The loss of access or corruption to a HVA system would of course have a serious impact on DOT and to transportation across the United States. The objectives of this audit will be to evaluate whether DOT established an effective organization-wide HVA governance program to identify and prioritize HVAs, and whether the Department assesses HVA security controls and ensures timely remediation of identified vulnerabilities.
Now, OIG has announced it is initiating audits into DOT’s cloud services and the Federal Highway Administration’s IT infrastructure.
Over the past 10 years, DOT and its operating administrations have increased their migration to and adoption of cloud computing based on Federal requirements. However, OIG says the Department lacks a comprehensive and accurate inventory of cloud systems—a key requirement for effective information system risk management.
In May 2021, the President issued Executive Order 14028, detailing the administration’s goal to modernize Federal Government cybersecurity by accelerating the movement to secure cloud services, adopting security best practices, and advancing towards Zero Trust Architecture cybersecurity plans.
Given the uncertainty over whether DOT is reporting a complete inventory of its cloud systems, DOT’s cloud systems are secure, and DOT has a strategy to address the Administration’s cybersecurity goals, OIG is initiating the review. Its objectives will be to assess the effectiveness of the Department’s cloud systems’ security and privacy controls and strategy to secure cloud services in order to implement Zero Trust Architecture.
The Federal Highway Administration (FHWA) is responsible for ensuring that America’s roads and highways continue to be among the safest and most technologically sound in the world. FHWA supports State and local governments in the design, construction, and maintenance of the Interstate System and National Highway System (Federal Aid Highway Program) and various federally and tribal owned lands (Federal Lands Highway Program). The Agency’s information systems support mission processes that aid in grant management, infrastructure inspections, inventory management, and research and development. Effective protection of these systems and the information on them prevents unauthorized access and compromise.
Due to the importance of FHWA’s programs to the United States’ transportation system and the sensitivity of some of the Agency’s information, OIG is initiating an audit of FHWA’s information technology infrastructure to determine whether security weaknesses exist that could lead to the compromise of FHWA’s systems and data.