Watchdog identifies cybersecurity training deficiencies at Transportation Department
A congressional watchdog has called on the Department of Transportation to improve cybersecurity training for senior managers after an audit found a lack of clarity in training requirements at the department.
In a report published May 16, the Government Accountability Office found that although the Department of Transportation has cybersecurity as a stated agency objective, a majority of senior official performance plans reviewed did not contain cybersecurity-related objectives.
GAO said: “Although DOT established performance plans for these managers, the plans did not always include cybersecurity-related expectations. Additionally, the CIO did not always participate in the performance reviews of OA CIO equivalents.”
“As a result, DOT has less assurance that operating administrations are aligned with the department in carrying out cybersecurity-related responsibilities,” it added.
Following its audit, the GAO has recommended that the Transportation secretary direct the DOT chief information officer to address cybersecurity recommendations raised previously by GAO, and also for the DOT CIO to work with human resources staff to implement cybersecurity-related performance expectations for senior IT managers.
In addition, the Government Accountability Office has called on the Transportation Secretary to participate in the performance reviews of chief information officers within the agency’s different bureaus.
Publication of this report comes shortly after the Department of Transportation reported a cyber breach to Congress that may have exposed the personally identifiable information of federal government employees using the TRANServe commuting benefits system.
In a note obtained by Fedscoop, the DOT said it was working to notify affected individuals whose personally identifiable information may have been compromised as a result of the breach and to help mitigate potential risks.
Details of the breach were first obtained by Reuters, which reported that the breach is expected to affect 114,000 current federal employees and 123,000 former federal employees.