U.S. DOT audit reveals problems with FMCSA’s cybersecurity

October 25, 2021

Mark Schremmer

An investigation into the Federal Motor Carrier Safety Administration’s web servers found them to be vulnerable to a malware attack.

The U.S. Department of Transportation’s Inspector General outlined the problems with FMCSA’s information technology infrastructure in a recent audit report.

FMCSA uses 13 web-based applications to aid vehicle registration, inspections and other activities. Many of FMCSA’s information systems contain sensitive data, including personally identifiable information. The audit was conducted to determine if there were any security weaknesses.

“We found vulnerabilities in several Agency web servers that allowed us to gain unauthorized access to FMCSA’s network,” the U.S. DOT report said. “FMCSA did not detect our access or placement of malware on the network in part because it did not use required automated detection tools and malicious code protections.”

According to the report, investigators gained access to 13.6 million unencrypted records of personally identifiable information. The DOT’s Office of Inspector General says the exposure could have cost FMCSA up to $570 million in credit monitoring fees if malicious hackers had obtained the information.

“These weaknesses put FMCSA’s network and data at risk for unauthorized access and compromise,” the report said.

The DOT Inspector General issued 13 recommendations, including developing and implementing stronger malicious code protection and detection rules.

According to the report, all 13 recommendations have been resolved.

The FMCSA’s National Registry of Certified Medical Examiners website experienced a lengthy outage in 2017 and 2018 after a security breach.