IG: IT security faces time crunch at DOT

The Transportation Department’s information security program has a balancing act it must nail this year, according to a new report from the DOT inspector general.

DOT needs to strengthen the security of its air traffic control systems, while protecting its other information technology systems as the agency consolidates IT operations departmentwide, said Todd Zinser, DOT’s former acting IG, in the Oct. 23 report.

The IG report contains the results of the IG’s annual audit of the department’s information security program, in accordance with the Federal Information Security Management Act of 2002.

“Fiscal 2007 will be a particularly challenging year for the department in managing its IT security and investments,” Zinser said.

The agency is relocating all DOT divisions except the Federal Aviation Administration and the Surface Transportation Board – including more than 75 information systems – next year to a new campus in Southeast Washington, D.C.

As part of the transition, DOT centralized each division’s IT infrastructures, including e-mail, desktop computing and local-area networks, into a common IT operating environment. According to the IG, this will enhance efficiency and create new complications because the potential consequences of a disruption will affect multiple divisions rather than just one.

The schedule for implementing and testing this new infrastructure is still evolving because of move-related problems, the report states.

Separately, DOT will maintain the air traffic control system, which the president designated a national critical infrastructure. The IG criticized the department for not delivering on previous promises to fix weaknesses in the air traffic control systems infrastructure. For several years, the FAA has promised to review vulnerabilities on all operational systems and develop contingency plans for restoring essential air services in case of an outage.

The “FAA has not made adequate progress in implementing planned corrective actions,” Zinser said. “During fiscal 2006, FAA made limited progress in these areas due, according to FAA management, to funding constraints. We recognize that FAA faces critical decisions in balancing its priorities and using its funds at a time of increasingly tight budgets. Yet issues concerning the security of a critical national infrastructure should receive priority and immediate attention.”

The IG noted progress in the areas of tracking, prioritizing and correcting security weaknesses, which were major IG concerns last year. DOT also improved management of its IT investments by granting more purse power to the departmental Investment Review Board. Subsequently, the board tightened management of the FAA Telecommunications Infrastructure, a multibillion-dollar project.

Now the IG wants the agency to create finite performance measures, such as earned value management criteria, for each DOT division review board to use in monitoring projects. Zinser said EVM would provide managers with accurate cost and schedule data in making major IT business decisions.

OMB’s list of high-risk IT investments names 13 DOT projects, including 12 related to air traffic control modernization. The Government Accountability Office’s high-risk list has flagged these modernization projects for more than 10 years.

The Office of the Chief Information Officer reviewed a draft of the IG report and orally concurred with the findings and recommendations, according to the final report. The office said it will submit written comments detailing the actions it will take to fulfill the recommendations. The report requests that DOT return the comments within 30 days.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.