Cybersecurity Planning Weaknesses May Hinder the Efficient Use of Future Resources

In its fiscal year 2011 budget request, the Department of Transportation’s (DOT's) Office of the Chief Information Officer (OCIO) requested a one-time appropriation of $30 million to close the Department’s most serious cybersecurity gaps. Between fiscal years 2012 through 2015, Congress appropriated almost $29 million to support DOT’s cybersecurity initiatives. Persistent weaknesses—such as those described in the Office of Inspector General's (OIG's) 2015 review required by the Federal Information Security Management Act of 2002 (FISMA)—underscore the importance of the Department’s use of available funds to the extent possible to secure its systems. Due to the large investments that OCIO has made in cybersecurity over recent years, OIG initiated this audit. The objectives were to determine whether OCIO (1) expended the appropriated funds to support cybersecurity initiatives, and (2) adequately planned for its cybersecurity funding needs. To conduct this work, OIG reviewed Office of the Secretary (OST) and congressional budget information, Office of Management and Budget (OMB) and DOT’s budget guidance, and Homeland Security Presidential Directives that define cybersecurity priorities and initiatives. OIG also reviewed OCIO’s budget planning documents, internal reports and studies, and interviewed DOT officials. Findings include: (1) OCIO expended funds for cybersecurity initiatives as appropriated but had billing issues; and (2) OCIO did not adequately document or plan for its cybersecurity funding needs.

• Record URL:
  https://www.oig.dot.gov/sites/default/files/DOT%20Cybersecurity%20Funding%20Final%20Report%5E8-7-17.pdf
• 
• Corporate Authors:

  Department of Transportation

  Office of Inspector General, 1200 New Jersey Avenue, SE
  Washington, DC  United States  20590
• Publication Date: 2017-8-7

Language

• English

Media Info

• Media Type: Digital/other
• Edition: Audit Report
• Features: Appendices; References; Tables;
• Pagination: 24p

Subject/Index Terms

• TRT Terms: Billing; Budgeting; Computer security; Expenditures; Government funding; National security; Strategic planning
• Identifier Terms: U.S. Department of Transportation; U.S. Department of Transportation Office of the Chief Information Officer
• Subject Areas: Administration and Management; Finance; Planning and Forecasting; Security and Emergencies; Transportation (General);

Filing Info

• Accession Number: 01644053
• Record Type: Publication
• Report/Paper Numbers: FI2017066
• Files: TRIS, ATRI, USDOT
• Created Date: Aug 24 2017 5:21PM