FMCSA audit used to highlight cybersecurity concerns

December 3, 2021

Mark Schremmer


As part of a review of the cybersecurity levels of the FMCSA web servers, investigators were able to gain access to more than 13 million unauthorized records.

The audit by the U.S. Department of Transportation’s Office of Inspector General was used as an example of the importance of protecting the nation’s transportation infrastructure during a U.S. House of Representatives hearing on Thursday, Dec. 2.

“If breached, these systems could have cost the department millions of dollars in credit-monitoring fees to protect affected individuals from identity theft,” wrote Kevin Dorsey, assistant inspector general for information technology audits of the Department of Transportation. “We also identified recurring weaknesses that we could exploit, including poor security practices, such as weak administrative-level login credentials, unpatched servers and workstations, and a lack of encryption of sensitive data.”

The Office of Inspector General released the findings of the audit in October, saying the breach could have cost up to $570 million.

Audits also were conducted into the Volpe National Transportation Systems Center, and the Maritime Administration.

“Many of the weaknesses we found at FMCSA also tie into the same persistent enterprise-level security risks we found during our audits of MARAD and Volpe’s IT networks and systems,” Dorsey wrote. “These weaknesses are of particular concern given that these operating administrations’ networks process, store and transmit a substantial amount of sensitive information and are connected to DOT’s overall network.”

According to the report released in October, OIG offered 13 recommendations and all 13 had been resolved.

“DOT’s cybersecurity program is critical to protect its vast network of IT systems from malicious attacks and other breaches that pose a threat to the U.S. transportation system,” Dorsey wrote. “In today’s rapidly evolving cybersecurity landscape, and as the nation embarks on a new journey to upgrade and improve its transportation infrastructure, DOT faces significant challenges in strengthening its systems while adapting to new and rising challenges and threats.” LL