The Department of Transportation, the branch of the federal government that controls our highways, flight paths, and train schedules, is vulnerable to a cyber attack. An audit required under the Cybersecurity Act of 2015 found that the DOT likely can't adequately protect information in its computer systems.
Unfortunately, that audit found that the agency is coming up short because it either doesn't have access to, or has not implemented, the tools necessary to do so.
According to DOT, these tools include:
- Procedures for conducting inventories of software and associated licenses
- Software or policies preventing the loss of important data
- The ability to monitor and information that can be used to identify or de-anonymize an individual
- The capability to protect copyrighted digital material
The Office of the Chief Information Officer said that these oversights are due to "unclear guidance and a lack of resources."
The DOT's stated mission is to, "Serve the United States by ensuring a fast, safe, efficient, accessible and convenient transportation system that meets our vital national interests and enhances the quality of life of the American people, today and into the future."
The department has access to information like flight records, train schedules, shipping manifests, driving records, methods and schedules of the transportation for hazardous materials, and much more. Information that could be dangerous if it ends up in the wrong hands.
2015 was a bad year for federal cybersecurity. Hackers infiltrated the network system of the Office of Personnel Management and stole the personal information of over 21 million current and former federal employees.
Other government entities that were recently attacked:
- U.S. Army website, June 2015
- Internal Revenue Service, May 2015
- Department of Defense, April 2015
- Department of State, November 2014
- United States Postal Service, November 2014