Multiple Department of Transportation (DOT) Operating Adminstrations Lack Effective Information System Disaster Recovery Plans and Exercises [open pdf - 142KB]
"The Department of Transportation (DOT) relies on more than 450 information systems, including air traffic control, communication, and network systems, that provide fundamental capabilities for keeping the Nation's transportation system safe and operational. However, these systems are vulnerable to a variety of disruptions, ranging from mild (short-term power outage, hardware disk drive failure) to severe (equipment destruction, fire). As such, effective disaster recovery planning is critical to maintain information system safety and efficiency for DOT and its Operating Administrations (OAs) in the event of an unexpected event. The importance of disaster recovery planning was recently underscored in September 2014, when a Federal Aviation Administration (FAA) contract employee deliberately set fire to critical equipment at FAA's Chicago Air Route Traffic Control Center. This was the second time since May 2014 that a fire at a Chicago area air traffic control facility resulted in delays and cancellations of hundreds of flights in and out of O'Hare and Midway international airports. Given these concerns, we initiated this audit to review the effectiveness of DOT's disaster recovery plans and exercises. Our objectives were to determine whether (1) DOT and its OAs have developed adequate disaster recovery plans for their key information systems and (2) DOT and its OAs conduct effective test exercises of these plans to ensure they will work in the event of a disruption."
FI-2016-024; Financial and Information Technology Audits
U.S. Department of Transportation :https://www.oig.dot.gov