More than 5,600 cybersecurity problems plague the Department of Transportation’s numerous information technology systems, but officials there have yet to decide when fixes for just one-fifth of those problems will be made, according to a government watchdog.
About 21 percent of the 5,628 known problems in the department’s 458 IT systems “did not have planned start dates for remediation of the weaknesses, and almost 52 percent — including some that were moderate and high risk — did not document costs of remediation,” the DOT inspector general said in a report made public this week.
Two-thirds of the IT systems are operated by the Federal Aviation Administration and are integral to management of the nation’s commercial airline flights, the IG said. About $90 billion in payments are processed annually by DOT IT systems.
The IG said DOT officials responsible for the department’s IT systems “have not addressed all weaknesses we previously identified.” Among those unaddressed problems are establishment of an automated continuous monitoring system for cybersecurity threats.
DOT officials “have also not finalized procedures, oversight and risk assessment for common security controls,” the IG said.
Mark Tapscott is executive editor of the Washington Examiner.
