The Department of Transportation (DoT) is in the process of putting together an agency-wide cybersecurity plan and hopes to go public with the plan by the end of September, according to a new report from the Government Accountability Office (GAO).
GAO updated DoT’s progress on the cybersecurity plan in its annual open priority recommendations report to the agency dated June 10 and released on June 17. Over the past year, DoT acted on two open priority recommendations from GAO, and GAO added three new priority recommendations for the agency to work on.
The open priority recommendation for DoT to develop a cybersecurity risk management strategy was originally delivered to the agency in 2019, and DoT agreed with the GAO recommendation at that time.
In its June 10 report, GAO said, “as of March 2024, DOT officials stated that they had drafted a departmental cybersecurity strategy and planned to finalize it in the fourth quarter of fiscal year 2024.”
“To fully implement this recommendation, the agency needs to develop a cybersecurity risk management strategy that includes key elements, including a discussion of the agency’s risk tolerance and how it intends to assess, respond to, and monitor risks,” GAO said.
“Implementing this recommendation would help DOT address the growing number of cyber threats to systems and data by taking a risk-based approach to cybersecurity by effectively identifying, prioritizing, and managing DOT’s cyber risks,” the watchdog agency said.
GAO offered no further details on the plan being prepared by DoT.