The Transportation Department‘s inspector general has called DOT’s handling of cybersecurity incidents “ineffective and incomplete” in an audit the IG conducted on the agency’s information systems and networks.
DOT’s IG said Thursday it evaluated how the department monitors, reports, detects and resolves cyber incidents and also informs authorities of both the event and resolution.
The IG said DOT did not ensure its security operations center had access to all departmental systems is in place.
Auditors at the IG’s office also said the Federal Aviation Administration’s method of monitoring the national airspace system through its cyber operations center is incomplete as that agency performs the task without the DOT chief information officer’s approval.
The DOT security operations center’s reports to the Department of Homeland Security’s United States Computer Emergency Readiness Team were incomplete, according to the IG.