DOT Cybersecurity Incident Handling And Reporting Is Ineffective and Incomplete

"The number of cyber incidents reported by Federal agencies has increased significantly over the last several years. For example, in 2014, the Department of Transportation (DOT) experienced over 2,200 incidents that affected its operations. These incidents have also increased in breadth and depth throughout the Federal Government. In June 2015, the Office of Personnel Management reported that two intrusions alone were so large that they had possibly compromised the information of approximately 22 million current and former Federal employees and contractors. An effective response to cyber incidents minimizes disruptions to information systems and data losses. We self-initiated this audit because of DOT's large number of information systems that contain sensitive data. Our audit objective was to determine whether DOT has effective cyber security monitoring in place for its networks and information systems. Specifically, we assessed DOT's policies and procedures for (1) monitoring, detecting, and eradicating cyber incidents, and (2) reporting incidents and their resolutions to appropriate authorities. We conducted our work in accordance with generally accepted Government auditing standards. We reviewed policy documentation, including the Department's Cyber Security Incident Response Plan (IRP). We interviewed personnel in the Office of the Chief Information Officer (OCIO), personnel at the Federal Aviation Administration's (FAA) Air Traffic Organization, subject matter experts at the Cyber Security Management Center's (CSMC) Security Operations Center, and staff at FAA's National Airspace System's (NAS) Cyber Operations (NCO) and DOT's Common Operating Environment (COE). During these interviews, we were briefed on the processes for detecting and handling incidents. See exhibit A for additional details on our scope and methodology."

Report Number:
Department of Transportation, Office of the Inspector General, Report Number FI-2017-001
Public Domain
Retrieved From:
Department of Transportation, Office of the Inspector General: https://www.oig.dot.gov/