Home / News / Report: DOT Recovery Act Websites Vulnerable to Cyber Attacks

Report: DOT Recovery Act Websites Vulnerable to Cyber Attacks

Photo: Juan Fuertes

An official in the Transportation Department’s Office of Inspector General says DOT websites launched to provide the public with information about Recovery Act funding and projects are vulnerable to cyber attacks.

DOT officials launched an audit from December 2009 to July 2010 to examine if DOT’s recovery websites, which track and disseminate the $48 billion in funds awarded for DOT’s projects, were properly configured to minimize the risk of a cyber attack.

The report concludes DOT’s websites face both high- and low-risk cyber threats.

The vulnerabilities exist “because the websites, servers, and database systems are not configured in compliance with DOT’s configuration security standards,” the report finds. “As a result, the systems are vulnerable to cyber attacks, which could not only undermine DOT’s [Recovery Act} reporting, but also interrupt DOT’s business operations.”

Most of the high-risk vulnerabilities are associated with eight of DOT’s 13 sites.

“These vulnerable websites could put users’ computers in danger by allowing hackers to gain access to the users’ computer and their personal information, thus diminishing the public’s trust in the agency.”

In some instances, computer servers, which host Recovery Act data, were at risk, open to hackers who could unleash a virus onto DOT’s network.

“By exploiting the high-risk vulnerabilities, hackers could attack the computers used by the public to access the websites and gain access to sensitive data,” the report finds, “such as password files stored on servers, take control of a server and attack other computers on DOT’s networks.”

The inspector general’s office has already briefed transportation authorities on fixes for the security risks.

In August, DOT’s inspector general said the Federal Aviation Administration’s computer systems were vulnerable to cyber attacks, spurring Congress to urge FAA to make the necessary security fixes.

Check Also

DARPA Launches Program Seeking High Performance Computing for Military Simulators

The Defense Advanced Research Projects Agency launched a new program to improve how virtual training environments replicate real-world interactions and host more complex systems. DARPA unveiled Monday that the Digital RF Battlespace Emulator program intends to build a new breed of High Performance Computing capable of supporting advanced radio frequency for simulators. 

Leave a Reply

Your email address will not be published. Required fields are marked *