GAO Calls for Improved Implementation of Cybersecurity Policy at Department of Transportation

The Government Accountability Office said the Department of Transportation needs to improve its cybersecurity policy implementation.

According to a GAO report, the DOT implemented cybersecurity policies and established roles and responsibilities for officials managing cyber policies. The GAO said while the department reviewed its cybersecurity programs for its component agencies, it did not use the review to assess long-term issues.

The oversight body said the department’s reviews were not effective in taking necessary actions to implement 63 GAO recommendations. The GAO also noted that while the DOT chief information officer is proactive in communicating cyber threats to staff members, more can be done to implement cybersecurity policies, Nextgov reported.

The GAO recommended that the transportation secretary direct the CIO to use its program reviews to address unattended cybersecurity recommendations, work with human resources officials to create a policy to include cybersecurity-related performance expectations for senior IT managers and participate in performance reviews.