DoT gearing up for Cybersecurity Strategy release, per GAO

June 18, 2024
1 min read



TLDR:

– The Department of Transportation (DoT) is working on a cybersecurity plan to be released by September.

– The Government Accountability Office (GAO) provided updates on DoT’s progress, adding new recommendations for the agency.

Article Summary

The Department of Transportation (DoT) is currently in the process of developing an agency-wide cybersecurity plan, which is expected to be made public by the end of September. The Government Accountability Office (GAO) recently provided updates on DoT’s progress in its annual open priority recommendations report, dated June 10. Over the past year, DoT has acted on two open priority recommendations from GAO and has received three new recommendations to work on.

One of the key recommendations for DoT is to develop a cybersecurity risk management strategy, which the agency initially received in 2019 and agreed with at that time. GAO emphasized the importance of developing this strategy to address the growing number of cyber threats and to effectively manage DoT’s cyber risks. The agency aims to finalize the cybersecurity strategy by the end of the fourth quarter of fiscal year 2024.

While GAO did not provide detailed information on the plan being prepared by DoT, the focus on cybersecurity and risk management suggests a proactive approach to protecting the agency’s systems and data. By taking a risk-based approach, DoT can identify, prioritize, and manage its cyber risks more effectively, in line with GAO’s recommendations.

This proactive stance on cybersecurity aligns with the increasing importance of safeguarding government systems and data from cyber threats. By developing a comprehensive cybersecurity strategy, DoT can enhance its overall cyber resilience and ensure the security of its operations.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and