IG says Transportation IT security, management lag

IT investment management and computer security are among the top challenges facing the Transportation Department in 2004, the department's inspector general said in a report released today.

Although the department made progress over the past year, Transportation still lags in securing individual systems and must do more to protect critical IT systems, especially air traffic control systems, Inspector General Kenneth Mead said in the report (PDF, 32 pages).

'These management challenges are complicated by the current government and transportation environment: we have entered a period of deficit spending; trust fund revenues are down; program needs are up; and the department has pending reauthorizations in intercity passenger rail, highways, motor carriers, and transit,' Mead said.

Only 33 percent of Transportation computer systems, and 20 percent of Federal Aviation Administration systems, had undergone security certification review as of Sept. 30. The department had established contingency plans for only 26 percent of systems in the event the systems are disrupted. 'And these plans were often inadequate,' the report said. For example, management in many cases did not conduct business impact analyses, a key planning step, to determine how long business could continue without computer support.

Transportation's Investment Review Board needs to be more active in identifying high-risk IT projects among its $2.7 billion annual IT investments, the report said. The IG urged the board to require more timely information on the projects and analyze them more completely.

In its first year in 2003, the board focused on cross-agency IT projects, such as the new Delphi financial management system. 'Yet, FAA, which is responsible for more than 80 percent of Transportation's IT investment and has had significant cost overruns and schedule delays with IT purchases, made decisions on its IT investments without the involvement of the CIO or detailed review by the board,' the report said.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group