The effectiveness of the Department of Transportation's (DOT) information security program and practices has been found ineffective, according to information from the DOT Office of Inspector General (OIG).
Among several criticisms, the OIG said DOT efforts for protecting computer networks was insufficient and identification of information–security weaknesses was not being consistently carried out. Because of the problems, DOT cannot effectively direct or ensure that citizens whose private information is compromised are properly notified.
DOT also was not ensuring that all of its employees and contractors receive the appropriate degree of computer-security training needed to prevent them from contributing to security weaknesses and breaches, the report stated.
The OIG said it is making 27 specific recommendations to address the deficiencies. Those recommendations included in the report can be accessed online.